tellmoney

SUSPICIOUS: the skill is broadly consistent with its stated Tell.money integration purpose, and the CLI comes from an official npm package tied to the same vendor ecosystem. However, it routes authentication and financial-data access through Membrane rather than direct Tell.money APIs, uses mutable latest-version CLI execution, and enables broad proxied requests and potentially consequential payment actions. This looks like a legitimate but higher-trust integration pattern, not confirmed malware.