Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
App Connectors
v5.0.1
Connect your AI agent to 1000+ apps — discover tools, manage OAuth connections, execute actions, and provide a self-service connector dashboard.
by @ts-sz
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence

Purpose & Capability
The SKILL.md describes an app-connector that uses a Composio OAuth backend — this aligns with the name/description. However, the registry metadata lists no required environment variables while the instructions explicitly require COMPOSIO_API_KEY. That metadata/instruction mismatch is an incoherence (the skill will not function without the API key but the package does not declare it).
Instruction Scope
Instructions are specific about API endpoints, calls, and required request fields and stay within the connector use case. However, they also tell the agent to check the framework's secrets provider (vault, secrets.json, .env) if the env var is missing — that broad guidance potentially expands scope to read arbitrary secret stores and other secrets beyond the single Composio key.
Install Mechanism
Instruction-only skill with no install spec or code files — lowest install risk. Nothing is written to disk by an installer.
Credentials
Runtime requires a single API key (COMPOSIO_API_KEY) which is reasonable for this connector. But the metadata did not declare it, and the instructions explicitly advise searching generic secret stores, which could lead to accessing unrelated credentials. The requested environment/secret access should be declared explicitly and limited to the Composio key.
Persistence & Privilege
No always:true, no install-time persistence, and no configuration paths claimed. The skill does instruct sending OAuth redirect URLs to users, which is expected for connectors and not a privilege escalation by itself.
What to consider before installing:
- The runtime docs require COMPOSIO_API_KEY, but the registry metadata did NOT declare any required env vars — ask the publisher to update metadata to explicitly require COMPOSIO_API_KEY before trusting the skill.
- The skill's API calls go to https://backend.composio.dev; verify that this domain and the Composio service are legitimate for your organization and that you trust the operator who will receive OAuth redirect completions.
- The SKILL.md suggests checking generic secret stores (vault, .env, secrets.json). Confirm how your agent/framework restricts secret access; do NOT give the agent blanket access to your vault or all secrets — restrict it to a specific project-scoped Composio key if possible.
- Because this is instruction-only, there is no installer risk, but the key itself will authorize the agent to manage OAuth connections and execute actions. Limit the key's scope and lifespan (use project-scoped keys, rotate/revoke when not needed).
- If you need higher confidence: request an official homepage or publisher contact, a documented privacy/security policy for Composio, and an updated registry entry that declares the COMPOSIO_API_KEY requirement and the exact scopes/permissions the key grants.
Confidence is medium because the skill's behavior is coherent for a connector, but the metadata omission and the broad guidance to search secret stores create a non-trivial risk.

Like a lobster shell, security has layers — review code before you run it.

latest: vk979rf8vr0yv8s9jjecgnvxwr9844pd1
