heartland

SUSPICIOUS. The skill's purpose broadly matches Heartland integration, and the CLI source appears to be an official Membrane package, so this is not confirmed malware. However, the skill expands trust to a third-party platform that brokers authentication and data access for Heartland, creating medium risk from credential/data routing and unpinned CLI installation.