activecampaign-automation

No direct code-level malware indicators in the provided manifest. The dominant security concern is the architecture: all authentication and API traffic are routed through a managed MCP (https://rube.app/mcp). If the MCP is trusted and operated securely by Composio/Rube, the integration is functionally appropriate. If the MCP or its auth flows are untrusted or compromised, this design enables credential capture and bulk contact data exfiltration. Recommend requiring operator transparency about token storage and scopes, least‑privilege OAuth, and offering direct-API connection alternatives for high‑security deployments.