zoho-assist

SUSPICIOUS. The skill is coherent in purpose and uses a verifiable first-party CLI from npm, so it is not malware-like. However, all Zoho Assist access is mediated through Membrane, which introduces third-party credential handling and proxy data flow that exceed a direct Zoho integration; this is a medium-risk trust and data-routing concern, not confirmed malicious intent.