typesense

SUSPICIOUS: The skill’s stated purpose matches its capabilities, and installation uses an official npm package, so this is not overt malware. However, the integration materially shifts trust from direct Typesense API access to Membrane as a credential-storing proxy and action gateway, which creates medium security risk and weaker data-flow integrity than a direct official API pattern.