cloudquery

SUSPICIOUS. The skill's core purpose is coherent, and the CLI installer appears to be an official npm-distributed tool from the same vendor ecosystem. However, the integration is not a direct CloudQuery client: authentication and API requests are routed through Membrane's service/proxy, so CloudQuery data and delegated access flow through an intermediary. That makes the skill higher trust and medium risk, but not clearly malicious.