paykickstart

Warn

Audited by Socket on Apr 29, 2026

1 alert found:

Anomaly (LOW)
SKILL.md

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the CLI comes from an official npm package rather than an unverifiable binary. However, all PayKickstart authentication and API traffic are funneled through Membrane's intermediary service, so credentials and data are forwarded to a third party instead of going directly to PayKickstart. This is disclosed and may be legitimate for Membrane's platform, but it materially raises trust and data-flow risk beyond a direct API integration.

Confidence: 86%
Severity: 58%

Audit Metadata
Analyzed At: Apr 29, 2026, 10:21 AM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fpaykickstart%2F@73c7e18b445a9a6699e523f647d37984b588d5b5