captain-data

SUSPICIOUS. The skill is coherent for a Captain Data integration and uses an official npm-distributed CLI, so it does not look malicious. However, it routes authentication, API access, and data through Membrane as an intermediary rather than directly to Captain Data, and it installs an unpinned external CLI; this creates meaningful trust and data-flow risk even though the overall footprint is proportionate to the stated purpose.