digistore24

SUSPICIOUS: The skill is broadly aligned with its Digistore24 integration purpose and uses an official-looking npm-distributed Membrane CLI, so this is not confirmed malware. The main concern is architectural: it intermediates Digistore24 authentication and API traffic through Membrane, and it exposes high-impact business actions including refunds and deletions, making the overall risk medium even though the install path appears legitimate.