tinybird

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS. The skill's stated purpose matches its Tinybird-management capabilities, and the CLI comes from an official npm package rather than an opaque binary. However, the integration is mediated through Membrane for authentication, action execution, and API proxying, so Tinybird data and credentials flow through a third-party platform instead of directly to Tinybird. Combined with unpinned `@latest` installs, this creates meaningful trust and data-flow risk even though the behavior is openly documented rather than covert.

Confidence: 85%
Severity: 61%

Audit Metadata

Analyzed At: Apr 28, 2026, 05:28 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Ftinybird%2F@2c86844044a212c12e2ee6ff37f3b6eb245709d4