tideways

SUSPICIOUS: the skill’s core function is coherent, and installation comes from an official npm package, but the actual data flow is a third-party Membrane-mediated proxy rather than direct Tideways API access. That hidden-in-plain-sight intermediary trust makes the skill riskier than a normal first-party Tideways integration, though not clearly malicious.