yapily

SUSPICIOUS: The skill is mostly coherent with its stated Yapily integration purpose and uses an official same-vendor npm CLI, so install trust looks acceptable. The main risk is architectural: Yapily access and credentials are mediated through Membrane’s backend/proxy, meaning sensitive financial data and potentially payment actions flow through a third-party platform rather than directly to Yapily. This is proportionate to the product design but still a medium security risk due to financial-data sensitivity and intermediary trust.