sage-accounting

SUSPICIOUS: the skill's accounting capabilities match its stated purpose, and the CLI install source is relatively normal, but the integration is built around Membrane as a full intermediary for authentication, proxying, and data access rather than direct Sage API use. That makes the main risk data-flow integrity and credential forwarding to a third-party platform, not classic malware behavior.