thoughtspot

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill is internally coherent as a Membrane-based ThoughtSpot integration, and the CLI comes from an official npm package rather than an unknown binary. However, the skill routes authentication and data through Membrane instead of directly to ThoughtSpot, and it uses mutable `@latest` CLI execution. This is not confirmed malware, but it introduces medium risk from intermediary data flow and supply-chain trust.

Confidence: 88%

Severity: 57%

Audit Metadata

Analyzed At: Apr 28, 2026, 10:29 PM

Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fthoughtspot%2F@2325ea55dc3d78abd945b2a26184c1a089c33476