coda-automation

SUSPICIOUS. The capability matches Coda automation, and the MCP endpoint appears to be an official Composio/Rube service, so this is not overt malware. But the skill understates credential requirements, routes all Coda access through a third-party intermediary instead of Coda directly, and enables impactful actions like sharing and public publishing; this makes the footprint higher-risk than the description suggests.