chatwork

SUSPICIOUS: The skill's purpose matches Chatwork operations, and the CLI install path looks like an official same-org npm package. The main concern is data-flow integrity: authentication and API traffic are mediated by Membrane rather than going directly to Chatwork, giving a third-party service access to Chatwork data and action capability. This is not confirmed malware, but it is a medium-risk managed-proxy pattern that expands trust beyond what a direct Chatwork skill would require.