twelve-data

SUSPICIOUS: the skill is coherent as a Membrane connector guide, but not as a direct Twelve Data integration. Its main risk is data-flow integrity: all access is funneled through Membrane's CLI/service instead of Twelve Data's official API, expanding trust and exposing user activity to an intermediary. The npm install path looks publisher-consistent, so this is not confirmed malware, but the third-party gateway model and unpinned CLI install make the skill medium risk.