alegra

SUSPICIOUS: The skill's purpose broadly matches its capabilities, but it routes all Alegra access through Membrane's CLI and managed service instead of the official Alegra API. The npm-based installer is legitimate and documented, so this is not strong evidence of malware, but the third-party mediation of authentication, connection management, dynamic action creation, and business-data operations makes the trust and data-flow footprint broader than a direct Alegra integration.