educateme

SUSPICIOUS. The skill’s overall purpose is coherent, and the Membrane CLI comes from an official npm package rather than an obviously malicious installer. However, the integration routes authentication, action creation, and EducateMe data through a third-party broker (Membrane) instead of direct official EducateMe APIs, and the description is inconsistent about EducateMe documentation. This is not confirmed malware, but it carries medium security risk due to third-party credential/data mediation, remote action generation, and unpinned CLI installation.