square-automation

SUSPICIOUS: the skill is purpose-aligned for Square automation and avoids obvious malware patterns, but it routes authentication and business data through a third-party hosted MCP/intermediary rather than directly to Square. Its ability to perform financial/accounting actions and its dependence on a sunset hosted service make it high operational risk even without confirmed malicious intent.