kontomatik
Warn
Audited by Socket on Apr 30, 2026
1 alert found:
Anomaly (LOW): SKILL.md
SUSPICIOUS: The skill's purpose broadly matches a Kontomatik integration, and the CLI comes from npm rather than an obviously malicious installer. However, sensitive financial data and authentication are mediated through Membrane's proxy/service instead of flowing directly to official Kontomatik endpoints, and the install uses unpinned `@latest`. This is not confirmed malware, but it introduces medium risk and a notable third-party data-flow concern.
Confidence: 84%
Severity: 58%
Audit Metadata