shipstation

SUSPICIOUS: The skill’s capabilities mostly match its ShipStation integration purpose, and the Membrane CLI appears to be an official same-vendor npm package rather than an unverifiable payload. The main concern is data-flow integrity: ShipStation access and credential handling are mediated through Membrane’s proxy/service instead of direct calls to ShipStation, which adds a third-party trust boundary and moderate operational risk.