shopline

SUSPICIOUS. The skill’s capabilities mostly match its stated Shopline integration purpose, and the CLI comes from an official npm package rather than an unverifiable binary. However, all Shopline access and credential handling are routed through Membrane’s intermediary service instead of direct Shopline APIs, creating a meaningful third-party credential/data flow and moderate operational risk. This looks like a legitimate integration pattern, but the proxy/auth architecture and unpinned external CLI keep it above benign.