budget-insight

SUSPICIOUS: The skill is mostly coherent with its stated purpose and uses an official npm-published Membrane CLI, so this is not confirmed malware. However, all Budget Insight access and authentication are mediated through Membrane, a third-party intermediary that stores/handles connection credentials and data, which creates meaningful trust and data-flow risk for a finance integration.