hasura

SUSPICIOUS: the skill is mostly coherent and uses an official npm-published CLI, but it does not talk to Hasura directly. It requires a Membrane account and routes authentication, credentials, and API traffic through Membrane's managed connection/proxy layer, which creates a meaningful third-party trust and data-flow risk. No strong signs of malware or obfuscation were found.