datarobot

SUSPICIOUS. The skill’s capabilities broadly match its stated DataRobot integration purpose, and the CLI install path is consistent with the publisher’s official npm distribution. The main concern is data-flow integrity: DataRobot access is mediated through Membrane rather than direct official DataRobot endpoints, so credentials and API traffic are entrusted to a third-party intermediary. This is not confirmed malware, but it is a medium-risk integration pattern with external-action capability.