espocrm-automation

SUSPICIOUS: the skill is mostly aligned with its stated EspoCRM automation purpose and uses same-ecosystem Composio/Rube infrastructure, but it relies on a third-party hosted MCP intermediary for tool discovery, authentication, and execution. The main concerns are credential/API mediation through Composio, mutable remote-service trust, and inconsistent setup claims about authentication. This looks more like a medium-risk hosted integration than malware.