buildchatbot

SUSPICIOUS. The npm-installed Membrane CLI appears official and not overtly malicious, but the skill’s stated BuildChatbot purpose is undermined by an inconsistent official-doc link and by routing authentication and action execution through Membrane instead of a clearly verified first-party BuildChatbot API. This is best classified as medium risk due to third-party credential/data handling and service-identity ambiguity, not confirmed malware.