orama

Warn

Audited by Socket on May 6, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS: The skill's core behavior is coherent, but it intermediates all Orama access through Membrane, so user auth, connection credentials, inputs, and results flow through a third-party service and CLI instead of official Orama APIs. Because the installer is an official npm package from the same vendor, this is not malicious by itself; the main concerns are third-party credential/data mediation and mutable `@latest` installs.

Confidence: 87%
Severity: 56%

Audit Metadata

Analyzed At: May 6, 2026, 08:17 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Forama%2F@96298362c3028ea810f5912dddb57a5d4c26310f