nozbe-teams

SUSPICIOUS. The skill is internally coherent and uses an official-looking same-brand npm CLI, so it is not clearly malicious. However, it routes Nozbe access, authentication, and action execution through Membrane as a third-party intermediary rather than direct official Nozbe APIs, and it encourages broad reliance on that gateway. The main risk is third-party credential/data handling plus unpinned CLI installation, not confirmed malware.