dc-bank

SUSPICIOUS: the skill is mostly coherent with its stated purpose, but it routes financial authentication and data through Membrane rather than direct bank APIs and executes unpinned CLI code from npm. This looks more like a legitimate hosted integration than malware, yet the third-party intermediary model and financial-data scope create medium security risk.