bigcommerce

SUSPICIOUS. The skill's capabilities are largely aligned with its BigCommerce purpose, and the CLI install source appears legitimate via official npm distribution. The main concern is data-flow integrity: BigCommerce requests and credentials are mediated by Membrane rather than sent directly to official BigCommerce endpoints, creating a third-party trust boundary that is not strictly necessary for a direct integration. This looks more like a managed proxy integration than overtly malicious behavior.