greythr

SUSPICIOUS. The skill is mostly coherent with its stated GreytHR integration purpose and uses an official npm-distributed CLI, not a raw payload. However, it routes credentials and sensitive HR/payroll data through Membrane as a third-party intermediary rather than directly to official GreytHR endpoints, which creates a meaningful data-flow and trust-boundary risk. This looks like a legitimate integration pattern with elevated privacy/security exposure, not confirmed malware.