zoho-calendar

SUSPICIOUS: the skill's purpose and capabilities mostly align, and the CLI install path appears officially documented via npm, but all Zoho access is mediated through Membrane rather than Zoho's official API. That third-party credential and data routing makes the skill materially riskier than a direct Zoho integration, though not clearly malicious.