hotmart

SUSPICIOUS. The skill is broadly consistent with a Membrane-based Hotmart integration and uses an official npm-distributed CLI, so there is no strong evidence of malware. However, it routes authentication and data through Membrane rather than directly to Hotmart, uses mutable `@latest` installs, and claims an unusually broad action surface for a Hotmart skill, creating medium security and trust risk.