payment-rails

SUSPICIOUS. The overall footprint is mostly coherent for a Membrane-hosted integration skill, and the CLI install path is from an official npm package rather than an unverifiable binary. However, the skill routes all Payment Rails/Trolley access through Membrane instead of the service's official API, uses mutable latest-tag execution, and contains an inconsistent 'official docs' link to Rapyd. That combination raises medium trust and data-flow concerns, but not enough evidence for malicious intent.