voodoo-sms

SUSPICIOUS: The skill's general function matches its stated purpose, and the CLI install path is relatively credible via npm. However, the core data flow is not direct to Voodoo SMS: authentication, connection management, and API traffic are routed through Membrane, creating a significant third-party intermediary trust boundary. This is not confirmed malware, but it is a medium-risk integration pattern that is broader than the skill description implies.