flinks

SUSPICIOUS. The skill’s purpose is coherent, and the CLI comes from an official npm package, so this is not confirmed malware. However, it requires a third-party Membrane account and routes Flinks authentication and financial data through Membrane infrastructure instead of direct official Flinks API usage, which materially increases credential and data exposure risk.