asana-automation

SUSPICIOUS: the skill's Asana automation purpose is coherent, but its data and auth flow are mediated by a third-party MCP service rather than direct Asana APIs. The main concerns are intermediary credential/data routing, inconsistent setup claims about API keys, and reliance on a separate hosted endpoint with weaker trust clarity; this is not confirmed malware.