addevent

SUSPICIOUS. The skill is mostly coherent with its stated purpose and uses an official npm-distributed CLI, so it does not look malicious. However, it is not a direct AddEvent integration: all authentication and API access are routed through Membrane, a third-party intermediary that stores/manages credentials and proxies requests. That disclosed middleware design creates medium trust and data-flow risk, plus minor supply-chain risk from a global unpinned CLI install.