alexishr

SUSPICIOUS: the skill is mostly coherent as a Membrane-hosted AlexisHR integration and uses a legitimate npm-distributed CLI, but it routes credentials and HR data through Membrane instead of the official AlexisHR API. The main concerns are third-party credential/data custody and the unpinned global CLI install, not confirmed malware.