companyhub

SUSPICIOUS: the skill is broadly coherent for a CompanyHub integration, and the CLI comes from an official npm package, so this is not strong evidence of malware. However, all authentication and CRM data are intentionally routed through Membrane instead of directly to CompanyHub, creating a meaningful third-party trust and data-handling risk that is higher than a direct official API integration.