paycaptain

SUSPICIOUS. The skill is internally coherent as a Membrane-based PayCaptain integration and uses an official npm-distributed CLI, so it is not confirmed malware. However, it routes authentication, action generation, and PayCaptain data access through Membrane rather than directly to official PayCaptain endpoints, creating intermediary trust and credential/data-flow risk; mutable `@latest` installs add supply-chain exposure.