veriphone

SUSPICIOUS. The skill's functionality broadly matches its stated Veriphone purpose, and its CLI comes from an official npm package. However, all authentication and API traffic are routed through Membrane as an intermediary rather than directly to Veriphone, and the skill uses unpinned `@latest` CLI execution. This is not clearly malicious, but the third-party credential/data routing and mutable install path create medium security risk.