firecom

SUSPICIOUS: The skill is internally coherent and uses an official npm-distributed Membrane CLI, so it is not overtly malicious. However, it proxies Fire.com access and authentication through Membrane rather than using Fire.com's official API directly, which creates a meaningful third-party trust and data-flow risk for a finance-related integration.