baserow

SUSPICIOUS: the skill’s core function is plausibly related to Baserow, but its actual data flow is through Membrane as a credential-managing intermediary rather than directly to Baserow. The npm-installed CLI appears legitimate and official enough to avoid high supply-chain scoring, yet the proxy/auth design introduces meaningful third-party credential and data-routing risk that is broader than a direct Baserow integration.