truelayer

SUSPICIOUS. The skill is mostly coherent for a Membrane-based TrueLayer integration and uses an official npm-distributed CLI, so it does not look overtly malicious. However, it routes TrueLayer operations and authentication through Membrane as a third-party intermediary rather than directly to official TrueLayer APIs, which materially expands the trust boundary and creates credential/data-flow risk beyond a direct integration.