emelia-automation

SUSPICIOUS. The skill's purpose and capabilities are broadly aligned, and the endpoint appears to be official Composio infrastructure rather than a random third party. However, it acts as a gateway skill: Emelia authentication and all tool execution are mediated through Rube/Composio instead of direct Emelia APIs, so user data and credentials depend on that intermediary's trust model. There is no opaque binary download here, which lowers supply-chain concern, but the remote MCP can dynamically expose actions and schemas, creating moderate execution and data-flow risk.