zoho-inventory

SUSPICIOUS: the skill's business purpose is plausible, but its actual footprint centers on a third-party Membrane platform that handles authentication, action generation, and all API traffic instead of direct Zoho API use. The npm install path is relatively standard, so this is not confirmed malware, but the intermediary credential/data flow and mutable external CLI make the skill medium-high risk.