fintoio

Warn

Audited by Socket on Apr 28, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: the skill’s stated purpose is Finto.io integration, but its actual operation depends on Membrane as a credential and API intermediary. The npm-installed CLI appears official and documented, so this is not strong malware evidence, but the indirect data flow and server-side credential handling make it a medium-risk skill that extends trust beyond Finto itself.

Confidence: 87%
Severity: 62%

Audit Metadata
Analyzed At: Apr 28, 2026, 10:04 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Ffintoio%2F@5dbf7c0b8184590e6452333e1c049d2d6d5f6ec3