composio
Warn
Audited by Socket on May 22, 2026
1 alert found:
Security (MEDIUM)
SKILL.md
SUSPICIOUS. The stated purpose matches broad SaaS automation, but the skill's actual footprint is too expansive and intermediary-heavy: all actions are funneled through a non-official gateway over plain HTTP, it enables autonomous external actions like email and social posting, and one flow instructs reading a raw COMPOSIO API key from a local .env and sending it to third-party SDK/API endpoints. This is not confirmed malware, but it poses high security risk and weak data-flow integrity.
Confidence: 90%
Severity: 87%