stripe-identity

SUSPICIOUS. The skill’s purpose and capabilities mostly align, and the Membrane CLI appears to come from the expected publisher via npm. However, a Stripe Identity skill that routes authentication and API traffic through Membrane’s intermediary platform creates a significant third-party trust and data-flow risk, and the use of unpinned `@latest` installs adds supply-chain exposure. This looks more like a brokered integration than direct Stripe access; not confirmed malicious, but risk is medium due to credential handling and proxy-based data flow.