xata

SUSPICIOUS: The skill's purpose is plausible, and the Membrane CLI install path is same-org and registry-based, so this is not confirmed malware. However, the skill is framed as a Xata integration while routing authentication, action execution, and data through Membrane as a third-party intermediary instead of Xata's official interfaces, which raises medium security and data-flow concerns.