Pipedream Connect
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
Review recommended: the skill is transparent about Pipedream access, but it handles powerful app credentials and includes a reference backend command pattern that could be unsafe if identifiers are not strictly validated.
Before installing, verify the publisher and source, connect only the apps each agent truly needs, review the Pipedream OAuth scopes and mcporter.json permissions, use unique per-agent external user IDs that contain only safe characters, and leave the cron refresher disabled unless you need persistent token refresh. The shell command pattern in the reference backend should be fixed or audited before relying on this implementation.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an unsafe identifier reaches this command, it could run unintended local shell commands under the user's account when schema listing is triggered.
The reference backend runs a shell command with an interpolated serverName. Other artifacts describe server names as including externalUserId and appSlug, which can be user-configured, so this pattern needs strict validation or non-shell execution.
const result = execSync(`mcporter list ${serverName} --schema --json 2>/dev/null`, {
Use execFile/spawn with an argument array, remove the shell redirection, and validate externalUserId/appSlug/serverName against a strict safe-character allowlist before any local command use.
Connected agents may be able to read or change data in the apps you authorize, depending on the app scopes and available MCP tools.
The skill is expected to use Pipedream credentials and connected-account tokens, but those tokens grant delegated access to third-party apps and are persisted in tool configuration.
OAuth access tokens may appear in mcporter Authorization headers and should be treated as sensitive short-lived credentials.
Connect only the apps and scopes each agent needs, use separate per-agent external user IDs, review mcporter.json permissions, and disconnect apps when no longer needed.
If enabled, the refresh job can continue running and modifying token/config state after the initial setup session.
The cron-based token refresher is disclosed and user-directed, but it is persistent background behavior.
optional token-refresh cron jobs persist until removed
Enable the cron job only if needed, review the generated crontab entry, and document how to remove it.
It is harder to independently verify that the bundled reference code and scripts match an official Pipedream/OpenClaw implementation.
The skill handles credentials and bundles scripts/reference code, but the provided registry metadata does not identify a source repository or homepage.
Source: unknown; Homepage: none
Install only if you trust the publisher, compare the reference files against a known OpenClaw source, and prefer releases with clear provenance.
