datagma

SUSPICIOUS: The skill's purpose and capabilities are mostly aligned, and the CLI install path appears legitimate via official npm publishing. However, the integration routes Datagma authentication and API traffic through Membrane as an intermediary, which adds medium trust and data-flow risk compared with direct use of Datagma's official API. No clear malware or credential-stealing behavior is shown, but the proxy-based architecture and third-party credential handling make this higher risk than a direct API skill.