crowdbotics

SUSPICIOUS. The skill is coherent in function, but its real footprint is broader than a direct Crowdbotics integration: it requires installing Membrane’s CLI and routing authentication, action discovery, and action execution through Membrane infrastructure instead of Crowdbotics’ official APIs. The install source appears same-vendor and official via npm, so this is not confirmed malicious, but the intermediary data flow and unpinned `@latest` CLI add meaningful trust and credential-forwarding risk.