zoho-catalyst

SUSPICIOUS. The skill’s functionality broadly matches its stated Zoho Catalyst purpose, and the CLI comes from an official npm package with matching vendor docs. The main concern is architectural: all authentication and API traffic are mediated by Membrane, a third-party intermediary, rather than going directly to Zoho’s native APIs. That makes this a moderate trust and data-flow risk, not confirmed malware.