docusign-automation

SUSPICIOUS. The skill's DocuSign capabilities fit its stated purpose, and the Rube endpoint is verifiably official Composio infrastructure, so this is not fundamentally deceptive. However, it proxies DocuSign operations and OAuth-connected account access through Composio's MCP service rather than direct official DocuSign APIs, and the setup claim is somewhat misleading about auth requirements. Overall this is a coherent but medium-risk third-party mediated automation skill, not confirmed malware.