dropbox-sign-automation

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS: The skill's purpose and capabilities mostly align, and the endpoint appears to be an official Composio service rather than an unknown payload. However, all discovery, authentication, and execution are routed through Composio's hosted MCP layer, which forwards Dropbox Sign access and data through a third-party intermediary without pinning or direct first-party API use. This is not confirmed malware, but it carries meaningful trust and credential-forwarding risk.

Confidence: 87%Severity: 58%
Audit Metadata
Analyzed At
Mar 29, 2026, 03:35 AM
Package URL
pkg:socket/skills-sh/ranbot-ai%2Fawesome-skills%2Fdropbox-sign-automation%2F@e03dac1fbb69293333a78d6126811d60749bf615
Security Audit — socket — dropbox-sign-automation