databox

SUSPICIOUS: The skill is coherent for Databox integration, and its install path appears to use Membrane's official npm-distributed CLI. However, all Databox authentication and API traffic are routed through Membrane rather than directly to Databox, creating a meaningful third-party credential and data mediation risk; combined with unpinned `@latest` installs, this makes the skill medium risk rather than benign.