treezor

SUSPICIOUS. The skill's purpose and capabilities are mostly aligned, and the CLI appears to be an official npm-distributed Membrane tool rather than an obvious malware dropper. The main concern is architectural: instead of calling Treezor directly, the skill routes authentication and data through Membrane as an intermediary, and it encourages remote action creation/execution with a mutable CLI install. That is not clearly malicious, but it is a meaningful trust expansion and medium security risk for a banking-related integration.