qualiobee

SUSPICIOUS. The skill is professionally presented and uses an official npm-distributed CLI from the same publisher, so this is not confirmed malware. However, the stated purpose is a Qualiobee integration while the actual data flow and auth model route everything through Membrane, a third-party intermediary that manages credentials and handles actions server-side. That mismatch raises medium security concerns around credential forwarding, data visibility, and broadened scope.