questdb

SUSPICIOUS: the skill’s capabilities broadly match its stated QuestDB purpose, and the CLI comes from an official npm package, so this is not overtly malicious. However, all authentication and database interaction are funneled through Membrane as a third-party intermediary, creating medium data-flow and trust risk, especially with an unpinned `@latest` CLI install and indirect access model instead of direct QuestDB APIs.