lucidworks

SUSPICIOUS. The skill is internally coherent as a Membrane-based Lucidworks integration, and its install path is legitimate npm-based tooling rather than a suspicious binary. However, all authentication and API traffic are routed through Membrane’s third-party CLI/service and proxy instead of directly to official Lucidworks endpoints, creating a meaningful credential-forwarding and data-flow risk that is broader than a direct Lucidworks skill.