grafbase

SUSPICIOUS: The skill's capabilities broadly match its purpose, and the CLI install path appears legitimate and publisher-consistent. However, the core integration is mediated through Membrane rather than direct Grafbase APIs, meaning authentication and request data are routed through a third-party proxy/service; this is disclosed and coherent, but materially increases trust and data-flow risk.