chatwoot

SUSPICIOUS. The skill is internally coherent for a Membrane-published integration, and the install source is relatively trustworthy, so it does not look malicious. However, its actual data flow is not a direct Chatwoot integration: it requires a Membrane account, routes auth and API activity through Membrane-managed services, and uses an unpinned global CLI, making the overall risk medium.