edusign

SUSPICIOUS: The skill’s purpose is coherent, and the install source appears official, so this is not malicious on its face. However, it proxies Edusign access through Membrane’s CLI/service rather than using Edusign’s official API directly, creating a third-party credential/data path and broader trust dependency; combined with unpinned global CLI installation and remote action generation, that makes the skill medium risk.