vosfactures

SUSPICIOUS: the skill’s stated purpose matches its capabilities, and the CLI comes from an official npm package, so this is not overtly malicious. However, it routes authentication and all Vosfactures operations through Membrane as an intermediary, uses an unpinned third-party CLI, and enables live business-data actions via that platform; this makes it a medium-risk integration rather than a benign direct API helper.