rafflys-automation

SUSPICIOUS: The skill is broadly coherent as a Composio/Rube-based Rafflys automation guide, and its endpoint appears officially documented by the same org ecosystem. However, it routes actions and likely credentials through a third-party MCP/service layer instead of direct Rafflys APIs, and the setup wording understates the real authentication/trust model. Medium risk from delegated execution and indirect data flow, but not enough evidence for malware.