slack-automation

SUSPICIOUS. The skill’s Slack capabilities fit its stated purpose, and the endpoint appears to be an official Composio/Rube service, so this is not outright malware. However, it routes Slack authentication and all workspace operations through a third-party hosted MCP layer and enables autonomous external messaging actions; combined with outdated 'no API keys needed' setup guidance, this makes the skill medium-high risk.