arangodb

SUSPICIOUS. The skill is not overtly malicious and its install path appears to use a legitimate first-party npm package, but its actual footprint is broader than a direct ArangoDB integration: all authentication, connection management, and data actions are routed through Membrane. That intermediary data flow and delegated credential handling create a medium security risk, amplified by the unpinned global CLI install and minor publisher-identity mismatch.