wave-financial

SUSPICIOUS: The skill is internally coherent for a Membrane-published Wave integration, and its CLI install path appears official. The main risk is architectural: Wave credentials and API traffic are mediated by Membrane rather than going directly to Wave, and the skill enables high-impact financial actions through a broad proxy interface. This looks more like a high-trust third-party integration than malware, but it carries medium security risk and should be used only when that intermediary model is acceptable.