coda-automation

SUSPICIOUS: The skill's capabilities largely match Coda automation, but it relies on a third-party hosted MCP gateway that brokers Coda auth and data through Composio/Rube rather than direct official API use. That hosted-service trust plus the ability to publish documents and modify sharing makes this medium-to-high risk even without clear malware indicators.