bexio

Warn

Audited by Socket on Apr 27, 2026

1 alert found:

Anomaly: LOW
SKILL.md

SUSPICIOUS. The skill’s purpose and capabilities mostly align, and the CLI comes from a plausible official npm source. The main risk is architectural: it routes Bexio authentication and API traffic through Membrane as an intermediary, so business data and auth handling depend on a third-party service rather than direct official Bexio API calls. That is disclosed, not hidden, so this is not confirmed malware, but it carries meaningful trust and data-flow risk.

Confidence: 85%
Severity: 58%

Audit Metadata

Analyzed At: Apr 27, 2026, 06:45 PM
Package URL: pkg:socket/skills-sh/membranedev%2Fapplication-skills%2Fbexio%2F@0d82b57a82808c9c9d1b7560be2a51695c8c495d