mixpanel-automation
Audited by Socket on Feb 27, 2026
1 alert found:
Security
This skill manifest is functionally coherent for automating Mixpanel analytics via a Composio Rube MCP toolkit, but its architecture centralizes Mixpanel authentication and API traffic through a third-party MCP endpoint (https://rube.app/mcp). That intermediary design is the primary security concern: credentials, query inputs (including JQL scripts), query results, and batch profile updates would transit or be stored by the MCP. The manifest lacks detail about scopes, token storage, retention, or verification of the MCP endpoint, and it allows write operations (profile batch updates) and arbitrary JQL scripts, increasing the potential for credential exposure or data exfiltration. Recommend treating this as a medium-to-high supply-chain risk unless the MCP is vetted, connection scopes are limited to least privilege, and explicit guarantees about token handling, logging, and retention are provided.