Pipedream Connect
Verdict: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: pipedream-connect
Version: 1.6.0

The pipedream-connect skill bundle provides a legitimate integration for managing Pipedream OAuth connections and MCP tools within OpenClaw. It demonstrates positive security patterns, such as automatically migrating plaintext credentials from configuration files to a dedicated vault (~/.openclaw/secrets.json) and sanitizing server names before using them in shell commands (execSync) within pipedream-backend.ts. The persistence mechanism (cron job via setup-cron.sh) and the token refresh script (pipedream-token-refresh.py) are standard requirements for maintaining OAuth sessions and are clearly documented for the user.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an unsafe identifier reaches this command, it could run unintended local shell commands under the user's account when schema listing is triggered.
The reference backend runs a shell command with an interpolated serverName. Other artifacts describe server names as including externalUserId and appSlug, which can be user-configured, so this pattern needs strict validation or non-shell execution.
const result = execSync(`mcporter list ${serverName} --schema --json 2>/dev/null`, {
Use execFile/spawn with an argument array, remove shell redirection, and validate externalUserId/appSlug/serverName against a strict safe-character allowlist before any local command use.
Connected agents may be able to read or change data in the apps you authorize, depending on the app scopes and available MCP tools.
The skill is expected to use Pipedream credentials and connected-account tokens, but those tokens grant delegated access to third-party apps and are persisted in tool configuration.
OAuth access tokens may appear in mcporter Authorization headers and should be treated as sensitive short-lived credentials.
Connect only the apps and scopes each agent needs, use separate per-agent external user IDs, review mcporter.json permissions, and disconnect apps when no longer needed.
If enabled, the refresh job can continue running and modifying token/config state after the initial setup session.
The cron-based token refresher is disclosed and user-directed, but it is persistent background behavior.
Optional token-refresh cron jobs persist until removed.
Enable the cron job only if needed, review the generated crontab entry, and document how to remove it.
It is harder to independently verify that the bundled reference code and scripts match an official Pipedream/OpenClaw implementation.
The skill handles credentials and bundles scripts/reference code, but the provided registry metadata does not identify a source repository or homepage.
Source: unknown; Homepage: none
Install only if you trust the publisher, compare the reference files against a known OpenClaw source, and prefer releases with clear provenance.
