ratepay

SUSPICIOUS: the skill's basic purpose is coherent, and the CLI install comes from npm under matching vendor branding, so this is not overtly malicious. The main concern is data-flow integrity: instead of using Ratepay's official APIs directly, the skill requires routing authentication and operational data through Membrane as a third-party intermediary, with unpinned CLI installation and dynamic server-side action generation adding medium supply-chain and trust risk.