square

SUSPICIOUS: the install path is relatively trustworthy and publisher-consistent, but the skill has notable alignment issues and sends Square auth/data through Membrane as an intermediary rather than using official Square APIs directly. This looks more like a broad Membrane connector wrapper than a narrowly scoped Square skill, creating medium security risk without clear evidence of malware.