Connect Apps
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: connect-apps
Version: 0.1.0
The skill instructs the agent to install a third-party plugin (`composio-toolrouter`) and obtain an API key from an external domain (`platform.composio.dev`) to connect to '1000+ apps' via OAuth. While the stated purpose (connecting external apps like Gmail, Slack, GitHub) is legitimate, this introduces significant supply chain risk and grants broad permissions to a third-party service. The `SKILL.md` file directly instructs the agent to integrate with this powerful external system, which could handle sensitive user data and perform actions across many services, making it a high-risk capability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If enabled and authorized, Claude could take real actions such as sending email, posting messages, or creating issues in connected accounts.
This grants broad, real-world mutation authority across many external services, but the artifact does not define confirmation requirements, allowed apps, action limits, or rollback/containment.
Connect Claude to 1000+ apps. Actually send emails, create issues, post messages - not just generate text about it.
Use only with explicit user requests, review action details before execution, and limit connected apps and scopes to what you actually need.
OAuth access can let the connected tool act inside your third-party accounts until access is revoked.
The skill requires an API key and OAuth-delegated account access, but it does not describe requested scopes, token handling, revocation, or which connected services will be authorized.
Ask for your free API key ... First time? You'll authorize via OAuth (one-time)
Authorize only the specific apps needed, inspect OAuth scopes during setup, prefer limited/test accounts where possible, and know how to revoke access.
The security of the installed setup depends on a separate plugin and service that were not reviewed here.
The skill delegates its core behavior to an external plugin that is not included in the reviewed artifacts and is not version-pinned or accompanied by provenance details.
/plugin install composio-toolrouter
Verify the plugin source, publisher, version, and permissions before installing, and avoid authorizing sensitive accounts until provenance is clear.
The contents of requested actions, such as emails or messages, may be processed by the tool router and the target service.
Requests and results are routed through a third-party tool router and external apps. This is purpose-aligned, but the artifact does not describe data boundaries, retention, or logging.
Composio Tool Router finds the right tool ... Action executes and returns result
Avoid routing highly sensitive content unless you trust the provider and have reviewed its privacy, logging, and retention policies.
