HeyGen Automation

[Skill Scanner] Natural language instruction to download and install from URL detected The skill description is coherent and appropriate for a legitimate MCP-based HeyGen integration. It outlines standard toolflows, avoids embedding secrets, and manages sensitive outputs (video IDs, statuses, and shareable URLs) via trusted endpoints. No malicious behavior is evident; key security considerations center on token management, access scope, and handling of expiring shareable URLs. LLM verification: Functional design is coherent for HeyGen automation. The red flag is the undocumented third-party MCP endpoint (https://rube.app/mcp) used for authentication and API proxying — this concentrates credentials and content on an intermediary without a provided trust model. No explicit code-level malware indicators were found in the provided file, but the supply-chain/credential risk is significant unless the MCP operator is verified. Do not provide HeyGen credentials or upload sensitive content thro