brevo-automation

SUSPICIOUS: The skill’s Brevo-focused capabilities are mostly aligned with its stated purpose, and the external service appears to be an official Composio/Rube integration rather than a random payload. However, it routes Brevo operations through a third-party MCP intermediary instead of direct Brevo APIs, enables real-world outbound email changes, and contains a meaningful setup/auth inconsistency about API key requirements. Not confirmed malware, but medium-high security risk due to intermediary data flow and autonomous email-operation potential.