ecwid

SUSPICIOUS: the install path is relatively trustworthy, but the skill’s real footprint is an Ecwid-through-Membrane integration, not direct Ecwid access. Requiring a Membrane account and proxying auth and API traffic through Membrane creates a meaningful third-party credential and data-flow risk beyond what users may expect from an Ecwid skill.