worldline

SUSPICIOUS. The skill's core capability matches its purpose, and the CLI comes from an official npm package rather than an obviously malicious source. However, all Worldline access is mediated through Membrane's managed auth/proxy layer instead of direct Worldline APIs, introducing a third-party data and credential handling path that is broader than a pure Worldline integration. Overall this looks coherent but medium-risk due to intermediary routing and unpinned CLI installs, not confirmed malware.