checkoutcom

SUSPICIOUS. The skill is internally coherent and uses an official npm-distributed Membrane CLI, so it is not overt malware. However, its core design sends Checkout.com authentication and API activity through Membrane rather than directly to Checkout.com, creating a meaningful third-party trust and credential/data handling risk; combined with financial-action capability and unpinned `@latest` installs, this makes it medium risk rather than benign.