zoho-bigin

SUSPICIOUS. The skill's capabilities broadly match its stated Zoho Bigin integration purpose, and its install path is a legitimate npm-distributed vendor CLI rather than a stealth payload. However, the core data flow routes authentication and API traffic through Membrane infrastructure instead of directly to Zoho, creating a significant third-party credential and CRM data exposure surface that is disproportionate for users expecting a direct service integration.