zoho-cliq

SUSPICIOUS. The skill is internally consistent as a Membrane-based Zoho Cliq integration, and its CLI distribution appears legitimate, but it materially expands the trust boundary by routing authentication and API requests through Membrane rather than Zoho directly. The main risks are third-party credential/data mediation and mutable CLI execution via npx @latest, not confirmed malware.