holded

SUSPICIOUS: The skill is mostly aligned with its stated purpose and uses an official npm-distributed CLI from the same publisher, so it is not overt malware. The main risk is architectural: Holded authentication and data are routed through Membrane's platform, and the skill can dynamically create remote actions, making it a moderately risky third-party gateway rather than a simple direct Holded integration.