fivetran

SUSPICIOUS: The skill's capabilities fit its stated Fivetran-management purpose, and the CLI install path is reasonably consistent with the publisher via npm. The main risk is architectural: all authentication and API operations are mediated through Membrane rather than direct Fivetran endpoints, creating third-party credential and data-flow exposure, plus the skill enables impactful administrative actions. This is not confirmed malicious, but it is medium risk and should be trusted only if Membrane is an explicitly accepted intermediary.