nhost

SUSPICIOUS. The skill's capabilities broadly match its stated purpose, and the CLI install source appears official and registry-based, so this is not strong evidence of malware. However, the integration is fundamentally a Membrane proxy for Nhost: authentication, credential storage/refresh, action discovery, and action execution are all routed through Membrane rather than official Nhost APIs, creating meaningful third-party credential-forwarding and data-flow risk. Overall this is coherent but medium risk due to intermediary trust and unpinned CLI installation.