heygen

SUSPICIOUS: The skill is coherent for HeyGen operations, but it does not integrate with HeyGen directly. It requires trusting Membrane as both installed CLI and credential/data intermediary, including arbitrary proxy requests and server-side token handling. This is not confirmed malware, but the third-party credential routing and proxy-based data flow raise medium risk beyond a normal direct API skill.