bitbucket-automation

SUSPICIOUS: The skill is largely aligned with its stated Bitbucket automation purpose, and the Composio/Rube service appears same-org and legitimate. The main concerns are third-party mediation of Bitbucket OAuth/data through Rube MCP, a docs inconsistency around 'no API keys needed,' mutable remote endpoint trust, and support for destructive actions without enforced approval controls. This is not confirmed malware, but it carries medium security risk due to credential/data routing and real-world write/delete capability.