freshbooks-time-entry

SUSPICIOUS: the skill’s main behavior is coherent with time-entry sync, and data appears to flow to official FreshBooks destinations, but it relies on raw local credentials and an unverified sibling script for API operations. Risk is moderate because credential handling and trust boundaries are broader than necessary, though the provided skill text does not show clear exfiltration or malicious redirection.