wealthbox

SUSPICIOUS. The skill's capabilities are broadly aligned with its Wealthbox integration purpose, and its install path uses an official npm package rather than an unverifiable binary. However, all authentication and data access are routed through Membrane instead of directly to Wealthbox, creating third-party credential/data exposure and moderate trust expansion; this is coherent with the product model but increases security risk versus a direct official API integration.