medusa-commerce

SUSPICIOUS. The skill's purpose and capabilities are mostly aligned for a Medusa integration, and the CLI install source appears official and same-vendor. The main concern is data-flow integrity: Medusa access is routed through Membrane's infrastructure, which introduces a third-party intermediary for authenticated API traffic and broad remote actions. This is not confirmed malware, but it is a medium-risk integration pattern that requires trust in Membrane beyond Medusa itself.