Ewebinar

This skill appears to be a legitimate Membrane-based EWebinar connector, but there are important omissions and a few risks to consider before installing: - Manifest mismatches: The runtime instructions require `npx` and will create `~/.membrane/credentials.json`, yet the skill's manifest declares no required binaries or config paths. Ask the author to update the manifest to list required binaries (npx/npm/node) and the config path so you know what will be touched. - Dynamic install risk: Running `npx @membranehq/cli@latest` will download and execute code from npm the first time — verify the package identity (publisher, repo) before allowing it, or run in an isolated environment. - Persistent credentials: The login flow stores credentials locally. Review what the Membrane CLI stores in `~/.membrane/credentials.json` and whether those credentials grant access beyond EWebinar. If you cannot inspect the stored file or do not trust the package, avoid running the login flow on sensitive systems. - Proxy capability: The skill documents that Membrane can proxy arbitrary URLs. That is convenient but can be used to send requests to unintended endpoints. Confirm that the agent using this skill will only be asked to call EWebinar endpoints and not arbitrary external services, or constrain the Membrane connection accordingly. Recommended actions before use: request an updated manifest that declares required binaries and config paths; verify the `@membranehq/cli` npm package and its repository; test the login flow in a throwaway account or isolated VM; and confirm what domains and scopes the Membrane connection will permit.