botpress

SUSPICIOUS. The skill's purpose and capabilities mostly align, and the CLI install path appears legitimate via official npm/docs. However, all Botpress access, authentication, and proxy requests are mediated by Membrane rather than going directly to Botpress official APIs, creating a third-party credential/data path and moderate real-world action risk.