invoiced

The skill's stated purpose matches its capabilities, and the CLI appears to be an official Membrane tool from a legitimate registry. The main concern is architectural: all authentication and API traffic for Invoiced are funneled through Membrane rather than going directly to Invoiced, creating third-party credential and data handling risk. Overall this looks coherent but medium-risk, better classified as suspicious than benign due to intermediary routing and unpinned CLI installation.