harperdb

SUSPICIOUS: The skill is broadly coherent for HarperDB integration, and the CLI comes from an official registry rather than an opaque binary. However, it requires a third-party Membrane account and routes authentication, requests, and data through Membrane instead of direct HarperDB APIs, creating meaningful intermediary trust and data-flow risk; combined with unpinned `@latest` installs, this is more than benign but not malicious.