buildchatbot

SUSPICIOUS: The skill's core function is plausible and the CLI install path appears same-vendor and registry-based, so this is not strong malware evidence. However, the skill routes all interaction through Membrane-managed connections and a proxy rather than clearly documented official BuildChatbot endpoints, and the mismatched IBM docs link creates identity/data-flow ambiguity. Moderate security risk from third-party credential delegation and proxying, not confirmed malicious behavior.