bigpicture-io-automation

SUSPICIOUS: the skill's purpose is coherent, and the Composio/Rube relationship appears legitimate, but it routes operations and likely credentials through a third-party managed MCP layer, with a notable docs mismatch about API keys. This is better classified as a medium-risk remote automation skill than malware.