zendesk-guide

SUSPICIOUS. The skill is broadly coherent as a Zendesk Guide integration, and its CLI comes from an official npm package rather than an unverifiable binary. However, all authentication and API traffic are routed through Membrane instead of directly to Zendesk, so credentials and data are entrusted to a third-party gateway. That makes the footprint larger than a direct Zendesk skill and raises medium security risk, but not enough evidence suggests confirmed malware.