z-api

SUSPICIOUS. The skill is not overtly malicious and uses an official npm-distributed CLI, but its actual footprint depends on a third-party intermediary (Membrane) for authentication and all API actions, while the stated target service is ambiguous due to a Zendesk docs mismatch. The main risks are intermediary data flow, broad remote action capability, and unpinned CLI execution rather than confirmed malware.