finix

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI install path appears to be official npm-based rather than a deceptive payload. The main concern is data-flow integrity and trust expansion: Finix access and credentials are mediated by Membrane, a third-party integration layer, so payment data and auth do not flow directly to Finix. This is plausible for an integration skill but increases risk, especially with unpinned CLI installs and broad action/proxy capability against a payments system.