bigcommerce
Warn
Audited by Socket on Apr 29, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill’s capabilities match its stated BigCommerce integration purpose, and the CLI comes from an official npm package tied to the same publisher. However, the skill routes authentication and API activity through Membrane rather than directly to BigCommerce, so credentials and store data are entrusted to a third-party intermediary. This is coherent with the skill’s design, so it is not malicious, but it carries medium security risk due to credential/data forwarding and mutable CLI installation.
Confidence: 86%
Severity: 53%
Audit Metadata