nhost

SUSPICIOUS: The skill is broadly aligned with its stated purpose and uses an official npm-distributed Membrane CLI, so it is not overtly malicious. However, it routes Nhost access, credentials, and API traffic through Membrane rather than official Nhost APIs, adding a third-party trust boundary and moderate data-flow risk.