tinybird

SUSPICIOUS: The skill’s capabilities largely match its stated Tinybird/Membrane integration purpose, and the CLI install path appears to be the official vendor npm package rather than an unverifiable binary. The main concern is data-flow integrity: Tinybird access and auth are mediated through Membrane rather than direct Tinybird APIs, which expands trust and exposes user data/credentials to an intermediary service. This is not fundamentally incompatible with the skill’s purpose, but it is a moderate third-party proxy risk rather than a low-risk direct integration.