wepay

SUSPICIOUS: The skill is largely coherent for a WePay integration and uses an official same-org npm CLI, so this is not confirmed malware. However, it routes all WePay operations and credential handling through Membrane rather than directly to official WePay endpoints, creating meaningful third-party trust and data-flow risk; the unpinned `@latest` usage adds minor supply-chain risk.