Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Composio
v1.0.0 · Connect your AI agent to 500+ apps for discovering tools, managing connections, and executing actions across Gmail, Slack, GitHub, Notion, Google Workspace,...
⭐ 6 · 3.6k · 37 current · 39 all-time
by @wjayesh
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The SKILL.md clearly describes a Composio proxy service that orchestrates 500+ apps (Gmail, Slack, GitHub, etc.), which is coherent with the name. However, the skill metadata provides no description and declares no required environment variables or primary credential, even though the runtime docs require COMPOSIO_API_KEY and a base URL. That metadata omission is inconsistent and reduces transparency.
Instruction Scope
Instructions are narrowly scoped to calling Composio's HTTP API (POST /tools/execute/...). They do not instruct reading local files or unrelated system credentials. However, the workflow explicitly directs the agent to obtain and use an API key and to initiate OAuth connections that will grant Composio access to user accounts; that means sensitive account data will transit to an external service and should be treated accordingly.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is nothing being written to disk by the skill package itself. That's lower risk from an installation perspective.
Credentials
The SKILL.md requires COMPOSIO_API_KEY (and suggests setting COMPOSIO_BASE), but the registry metadata lists no required env vars or primary credential. That mismatch is problematic: the agent will need a secret (API key) to operate, yet this isn't declared. Also the service will request OAuth connections to user accounts (Gmail, Slack, etc.), which is appropriate for a proxy but represents high‑sensitivity access that should be explicitly called out in metadata and user guidance.
Persistence & Privilege
The skill does not request always:true, declares no installs, and does not alter other skills or system configuration. Normal autonomous invocation is allowed by default.
What to consider before installing
This skill routes commands through an external service (backend.composio.dev) and expects you to provide a COMPOSIO_API_KEY and to perform OAuth connections that grant Composio access to your accounts. Before installing or using it: (1) verify the publisher and confirm that the domain platform.composio.dev / backend.composio.dev is legitimate; (2) request that the skill metadata be updated to declare the required env vars and explain the scope of access (which toolkits and OAuth scopes will be requested); (3) avoid using long‑lived or high‑privilege keys — prefer scoped, revocable keys or a test account; (4) review Composio's privacy/security policy and what data is sent to their backend; (5) if you must try it, test in an isolated environment or with non‑production accounts. The main red flag here is the metadata/instructions mismatch and the broad external access — these deserve clarification before trusting sensitive credentials.
latest: vk97e625gx3pnhbga3bb6saec7980vm16
