jack-henry

SUSPICIOUS. The skill's stated purpose matches its capabilities, and the CLI install path is consistent with the publisher, so this is not overt malware. The main concern is data-flow integrity: Jack Henry access is brokered through Membrane's proxy and credential-management layer, meaning sensitive banking data and delegated auth are exposed to a third-party intermediary rather than official Jack Henry endpoints directly.