onespan

SUSPICIOUS: The skill's capabilities broadly match its purpose, and installation uses an official npm package rather than an unverifiable binary. However, the integration is not a direct OneSpan client: authentication, credential storage, and API requests are mediated by Membrane infrastructure, which creates a nontrivial third-party data flow that users may not expect from a vendor-specific skill.