Connect your AI agent to 500+ apps for discovering tools, managing connections, and executing actions across Gmail, Slack, GitHub, Notion, Google Workspace,...
Security Analysis
medium confidence
The skill's instructions describe a third‑party automation proxy that requires an API key and will mediate access to many apps, but the package metadata omits the required environment variables and description — this mismatch and the broad external access are concerning and need clarification before use.
The SKILL.md clearly describes a Composio proxy service that orchestrates 500+ apps (Gmail, Slack, GitHub, etc.), which is coherent with the name. However the skill metadata provides no description and declares no required environment variables or primary credential even though the runtime docs require COMPOSIO_API_KEY and a base URL. That metadata omission is inconsistent and reduces transparency.
Instructions are narrowly scoped to calling Composio's HTTP API (POST /tools/execute/...). They do not instruct reading local files or unrelated system credentials. However the workflow explicitly directs the agent to obtain and use an API key and to initiate OAuth connections that will grant Composio access to user accounts; that means sensitive account data will transit to an external service and should be treated accordingly.
This is an instruction-only skill with no install spec and no code files, so there is nothing being written to disk by the skill package itself. That's lower risk from an installation perspective.
The SKILL.md requires COMPOSIO_API_KEY (and suggests setting COMPOSIO_BASE), but the registry metadata lists no required env vars or primary credential. That mismatch is problematic: the agent will need a secret (API key) to operate, yet this isn't declared. Also the service will request OAuth connections to user accounts (Gmail, Slack, etc.), which is appropriate for a proxy but represents high‑sensitivity access that should be explicitly called out in metadata and user guidance.
The skill does not request always:true, performs no installs, and does not alter other skills or system configuration. Normal autonomous invocation is allowed by default.
Guidance
This skill routes commands through an external service (backend.composio.dev) and expects you to provide a COMPOSIO_API_KEY and to perform OAuth connections that grant Composio access to your accounts. Before installing or using it: (1) verify the publisher and confirm that the domain platform.composio.dev / backend.composio.dev is legitimate; (2) request that the skill metadata be updated to declare the required env vars and explain the scope of access (which toolkits and OAuth scopes will be requested); (3) avoid using long‑lived or high‑privilege keys — prefer scoped, revocable keys or a test account; (4) review Composio's privacy/security policy and what data is sent to their backend; (5) if you must try it, test in an isolated environment or with non‑production accounts. The main red flag here is the metadata/instructions mismatch and the broad external access — these deserve clarification before trusting sensitive credentials.
Latest Release
v1.0.0
Composio v1.0.0 – Initial Release
- Introduces a unified platform to connect AI agents with 900+ popular apps for seamless cross-app automation.
- Provides clear guides and cURL examples for setup, authentication, and API usage.
- Documents core endpoints: tool search (`COMPOSIO_SEARCH_TOOLS`), connection management, input schema fetching, and tool execution.
- Explains best practices for planning, finding, connecting, and running tools, with real API payloads and tips for smooth integration.
Published by @wjayesh on ClawHub