hootsuite

SUSPICIOUS. The skill is broadly coherent for Hootsuite management, and the CLI install path appears legitimate via npm, but the actual data flow goes through Membrane as a third-party credential and API proxy rather than directly to Hootsuite. That intermediary design is disclosed, so this is not confirmed malicious, but it creates medium security risk and trust expansion beyond a plain Hootsuite integration.