coda

SUSPICIOUS: the stated purpose is Coda integration, but the actual model is a Membrane-mediated proxy that handles authentication, stores connection credentials, and routes data/actions through a third-party service. Install trust is relatively normal via npm, but the credential and data-flow scope is broader than a direct Coda skill and is the main risk driver.