equensworldline

SUSPICIOUS: The skill’s stated purpose matches its capabilities, and the CLI comes from a plausible official npm source, so this does not look like outright malware. However, it routes EquensWorldline authentication and API traffic through Membrane’s third-party platform and proxy rather than the official Worldline API directly, creating meaningful credential-forwarding and data-flow risk; the unpinned global CLI install adds modest supply-chain risk.