yoco

SUSPICIOUS: The skill is broadly aligned with Yoco integration and uses an official-looking npm-distributed CLI, so it is not confirmed malware. However, it requires a Membrane account and routes Yoco authentication and API traffic through Membrane’s intermediary service rather than direct Yoco APIs, creating meaningful credential/data-flow and transaction-risk concerns.