zoho-expense
Warn
Audited by Socket on Apr 30, 2026
1 alert found:
Anomaly (LOW)
SKILL.md
SUSPICIOUS. The skill’s capabilities fit its stated Zoho Expense integration purpose, and the CLI comes from an official npm package tied to the same publisher. However, all authentication and API interaction are mediated through Membrane rather than direct Zoho endpoints, so credentials and business data are entrusted to a third-party platform. Combined with mutable `@latest` installs, this makes the skill higher-risk than a direct API integration, though not malicious.
Confidence: 87%
Severity: 56%
Audit Metadata