apache-superset

SUSPICIOUS. The skill's purpose and commands are internally consistent, and the CLI install path appears official and documented. The main concern is architectural: Superset access, credentials, and data are routed through Membrane rather than directly to Superset, creating a third-party trust boundary that is broader than a native Superset skill. This looks more like a managed integration proxy than malware, with medium security risk from intermediary data flow and unpinned CLI installation.