schedule-it

SUSPICIOUS. The skill is not overtly malicious and its capabilities generally match a Schedule it integration, but it introduces a third-party intermediary (Membrane) for authentication and data access instead of using Schedule it’s official API directly. The npm-based CLI install is relatively standard, yet the main risk is credential and data routing through Membrane infrastructure, plus dynamic action creation on that platform. This is a coherent integration skill, but trust is meaningfully expanded beyond Schedule it itself.