composio-search-automation

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Obfuscated File (HIGH)
SKILL.md

The manifest itself is not executable malware and aligns with its stated purpose (discovering and executing Composio Search tools via an MCP). However, it intentionally centralizes discovery, auth, and execution through a third-party MCP (https://rube.app/mcp) and instructs operators to follow returned auth links without describing verification or token protection. This architecture creates a supply-chain risk: an untrusted or compromised MCP could harvest credentials, intercept sensitive queries/arguments/memory, or act as a persistent man-in-the-middle. Recommendations: validate MCP operator trust and TLS identity, prefer direct vetted APIs when possible, enforce least-privilege scopes for tokens, require auditing/retention policies on the MCP, avoid placing high-sensitivity secrets in tool arguments or memory, and inspect auth URLs before following them.

Confidence: 98%

Audit Metadata

Analyzed At: Feb 16, 2026, 12:31 PM
Package URL: pkg:socket/skills-sh/composiohq%2Fawesome-claude-skills%2Fcomposio-search-automation%2F@397f682705a0c8fb28ddcf96b91fd669eafc844c