xendit

SUSPICIOUS: The skill’s broad shape is coherent for a Membrane-based Xendit connector, and the CLI install path appears vendor-consistent. However, the skill is not a direct Xendit integration: it requires a separate Membrane account and routes authentication, action discovery, and Xendit operations through Membrane as an intermediary. That third-party data path and credential trust expansion make the skill medium risk despite low evidence of outright malware.