aloha-pos

SUSPICIOUS: the skill’s stated Aloha POS purpose is plausible, and the CLI install path is relatively normal, but the actual integration is mediated through Membrane rather than official Aloha APIs. That third-party credential/data routing is a material integrity concern, though there is no clear evidence of outright malware or unrelated capability abuse.