mip-fund-accounting

SUSPICIOUS: the skill is coherent with Membrane’s stated integration purpose and uses an official npm package, but it routes MIP authentication and data access through Membrane rather than official MIP APIs. That intermediary credential and data flow is broader than a direct integration and creates medium-high security risk, though there is no clear evidence of malware or obfuscation.