btcpay-server

SUSPICIOUS: the skill is broadly coherent for BTCPay automation, and the CLI install path appears to be the vendor's official npm package rather than a hidden payload. However, it centralizes authentication and API access through Membrane instead of direct BTCPay endpoints, and it enables consequential payment/admin actions plus arbitrary proxied BTCPay requests; this makes it medium risk despite no strong evidence of malware.