livekit

SUSPICIOUS: The skill is coherent with its stated purpose and uses an official npm-distributed CLI from the same product family, so it does not look overtly malicious. However, it routes LiveKit authentication and data access through Membrane’s intermediary platform instead of direct official LiveKit APIs, and it uses mutable `@latest` installs/execution. This makes it a moderate trust and data-flow risk rather than benign direct API integration.