rocket-chat

SUSPICIOUS: The skill's core function is plausible, and the CLI install path is relatively trustworthy via npm, but the actual data flow is mediated through Membrane rather than Rocket.Chat's official API. That third-party gateway model, combined with server-side credential handling and action creation/execution against external systems, makes the footprint broader than a straightforward Rocket.Chat skill. This is not confirmed malware, but it carries medium security risk and trust-boundary concerns.