email-finder-tomba

SUSPICIOUS. The skill's functionality mostly matches lead-enrichment use cases, but it routes all requests through a Gooseworks proxy instead of Tomba's official API, reads a local credential file, and depends on an unverified `npx` login path. The main concern is third-party interception and install trust, not confirmed malware.