lookml

SUSPICIOUS: The skill's capabilities broadly match its stated LookML integration purpose, and the CLI install source appears legitimate. The main concern is data-flow integrity: LookML API access and authentication are mediated through Membrane rather than going directly to Google's official API, which expands trust to a third party and enables credential/data handling outside the official service boundary. Risk is moderate, driven more by intermediary routing and mutable `npx @latest` usage than by overtly malicious behavior.