dashbotio

SUSPICIOUS: the skill's general purpose matches Dashbot.io operations, and the CLI comes from an official npm source, but the real data flow is through Membrane as an intermediary rather than directly to Dashbot. That third-party proxy model and broad request capability make the footprint less trustworthy than the description implies, despite not showing clear malware behavior.