zoho-creator

SUSPICIOUS: The skill is coherent with its stated Zoho Creator purpose and uses an official same-vendor CLI from npm, so it is not overtly malicious. However, it requires routing authentication and data operations through Membrane rather than directly to Zoho, creating moderate third-party trust, credential-handling, and external-action risk.