klaviyo-automation

SUSPICIOUS. The skill's capabilities fit its stated Klaviyo automation purpose, and the referenced Rube/Composio service appears to be a real same-org product rather than a random payload source. However, it routes Klaviyo data and authentication through a third-party MCP gateway instead of Klaviyo's official first-party MCP, adding an unnecessary trust hop for account access and marketing data. This is not confirmed malware, but it is a medium-risk integration due to intermediary data flow and remote service trust.