ready2order

SUSPICIOUS: The skill is mostly coherent for a Membrane-hosted Ready2order integration, and the CLI install path is from an official npm package rather than an unverifiable binary. The main concern is data-flow integrity: Ready2order authentication and API traffic are routed through Membrane's managed platform/proxy instead of directly to Ready2order, so business data and tokens are forwarded to a third party. This is disclosed and proportionate to Membrane's stated integration model, so it is not confirmed malware, but it carries medium security risk.