cognite

SUSPICIOUS: The skill’s purpose and capabilities mostly align, and the installer is from npm rather than an obviously unsafe source. However, it adds a third-party control plane (Membrane account, CLI, and hosted connection/action system) between the agent and Cognite, so credentials and data are routed through an intermediary instead of directly to Cognite. This is a coherent integration pattern but carries medium trust and data-flow risk, especially with an unpinned CLI install and service-mediated auth/actions.