chatbase

SUSPICIOUS: The skill is internally coherent as a Membrane-powered Chatbase integration, and its CLI install path is from an official npm package rather than an unverifiable binary. However, all authentication and API traffic are routed through Membrane instead of directly to Chatbase, creating a third-party credential/data mediation layer that is broader than a typical direct API skill. This is not confirmed malicious, but it carries medium security risk due to intermediary data flow and mutable CLI installs.