botpress

SUSPICIOUS: the skill's purpose and capabilities are mostly coherent, and the CLI install path appears to be official and same-publisher. However, it routes Botpress authentication and data access through Membrane rather than the official Botpress API, creating intermediary trust, credential-handling, and data-flow risk; combined with state-changing external actions and an unpinned CLI install, this is better classified as suspicious than benign.