dbt-cloud
Warn
Audited by Socket on Apr 30, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS. The skill is largely coherent with its stated dbt Cloud management purpose and uses an official-looking same-org npm CLI, so it does not look outright malicious. However, all dbt Cloud access is mediated through Membrane rather than dbt's official API, meaning credentials and account data flow to a third-party service, and the skill exposes sensitive administrative actions. This makes it a medium-risk, trust-expanding integration rather than a clearly benign direct API wrapper.
Confidence: 86%
Severity: 61%