botconversa

SUSPICIOUS: The skill is broadly coherent for a Membrane-based BotConversa integration and uses an official npm-distributed CLI, so it is not malware-like. Risk comes from intermediary routing through Membrane, credential handling delegated to that service, and the ability to take real-world messaging and record-modification actions.