botmaker

SUSPICIOUS: the skill’s capabilities broadly match its stated Botmaker-management purpose, and the CLI install path appears official and proportionate. However, authentication and API traffic are mediated through Membrane rather than direct Botmaker endpoints, and the skill enables externally visible actions like sending messages; this creates medium risk from third-party credential/data routing and autonomous action potential, but not clear malicious intent.