wakatime-automation

SUSPICIOUS. The skill is broadly aligned with its stated purpose, but it routes WakaTime operations and authentication through Composio/Rube as an intermediary and depends on a remote MCP endpoint plus dynamic schema discovery. This is not clear malware, but it creates medium trust and credential-forwarding risk compared with direct official API use.