hotjar

SUSPICIOUS. The skill's actions fit Hotjar access, and the CLI install path looks legitimate, but the core data flow is routed through Membrane rather than directly to Hotjar. That third-party mediation of authentication, request proxying, and data access makes the skill higher risk than its stated Hotjar-only purpose suggests.