clover

SUSPICIOUS: The skill's purpose and capabilities are mostly aligned, and the install source appears legitimate and officially documented. However, it routes Clover authentication and API traffic through Membrane's intermediary platform rather than directly to Clover, which is a meaningful data-flow and credential-forwarding risk that should be disclosed and justified for the user.