lastpass-automation

SUSPICIOUS: the skill is coherent in purpose, but it routes highly sensitive LastPass actions through Composio's third-party MCP platform instead of direct official service calls, and its setup claim about needing no API keys is not consistently true. No malware-like payloads or installer abuse are present, but the intermediary data flow and high-impact credential domain raise meaningful security risk.