zoho-salesiq

SUSPICIOUS: The skill is mostly coherent and uses an official npm-distributed CLI, but it routes authentication and API traffic through Membrane as an intermediary rather than directly to Zoho. That third-party credential and data mediation is openly documented and aligned with the stated purpose, so this is not confirmed malware, but it creates a meaningful trust and data-flow risk.