razorpay

SUSPICIOUS. The skill’s purpose and core capabilities are internally consistent, and the CLI install source is an official npm package from the same publisher, so this is not overt malware. However, all Razorpay operations and authentication are mediated by Membrane rather than going directly to Razorpay, creating a third-party credential/data gateway pattern and moderate trust expansion beyond a simple first-party integration.