quickbooks

SUSPICIOUS: The skill’s accounting capabilities mostly match its stated QuickBooks purpose, and the CLI comes from an official npm package tied to the same vendor. The main risk is architectural: QuickBooks auth and data are mediated by Membrane, a third-party intermediary, and the skill enables write actions with real-world financial impact. This is not confirmed malware, but it carries medium security risk and should only be used with clear user approval for each state-changing action.