Zappush

      Safety Report

      Pdauth

      @G9Pedro

      Dynamic OAuth for AI agents via Pipedream. Generate OAuth links for 2500+ APIs, let users authorize, then call MCP tools on their behalf.

      1,428 Downloads
      2 Installs
      0 Stars
      1 Version
      API Integration (4,971), Networking & DNS (1,102)

      Security Analysis

      medium confidence
      Clean

      The skill's purpose and required binary align, but the runtime instructions expect Pipedream credentials/configuration that are not declared, and the npm install can run arbitrary code. This omission and the broad OAuth power make the package worth caution.

      Mar 7, 2026 · 1 file · 4 concerns

      Purpose & Capability: ok

      Name/description (dynamic OAuth via Pipedream) match the declared required binary ('pdauth') and the install spec (npm package 'pdauth' that provides a pdauth CLI). The listed workflows (connect, status, call) are consistent with the stated purpose.

      Instruction Scope: note

      SKILL.md instructs the agent to generate OAuth links, ask the user to authorize, and then call tools via pdauth — all in-scope. It does not instruct reading unrelated system files or secrets. However, it explicitly tells operators to run 'pdauth config' to set up Pipedream credentials without describing what credentials are needed or where they're stored, leaving an important operational detail unspecified.

      Install Mechanism: note

      Install uses an npm package ('pdauth') that creates the 'pdauth' binary; this is expected for a CLI. npm packages can execute arbitrary install-time code, so this is a moderate-risk install mechanism but not unusual for a CLI tool.

      Credentials: concern

      SKILL.md refers to configuring Pipedream credentials ('pdauth config') and to long-lived OAuth connections for many apps, yet the skill metadata declares no required env vars or primary credential. The lack of declared credentials/config paths is an inconsistency: the skill will need credentials (and will store tokens somewhere) but does not state this up front. Also, enabling OAuth for '2500+ APIs' means broad potential access once users authorize. This is powerful and should be explicitly justified and constrained.

      Persistence & Privilege: note

      The skill does not request 'always: true' and has no OS/config path requirements declared. That said, OAuth tokens obtained via the flow are likely to persist in Pipedream (or local pdauth config), allowing the agent to act on users' behalf across sessions. Autonomous invocation (allowed) combined with granted OAuth scopes increases blast radius, but autonomous invocation itself is the platform default.

      Guidance

      This skill largely does what it says (generate OAuth links and call APIs via Pipedream), but you should proceed cautiously. Before installing:

      1) Verify the npm package publisher and inspect the pdauth package source (or the GitHub repo) to ensure you trust its install-time behavior.
      2) Ask the publisher which credentials 'pdauth config' requires, where those credentials/tokens are stored (local files vs. Pipedream account), and how to revoke them.
      3) Limit OAuth scopes when authorizing and prefer short-lived or per-action consent.
      4) Consider running the npm package in an isolated environment first (container or VM) and review its code.
      5) If you need an explicit guarantee, request the skill metadata be updated to declare required env vars/config paths and a clear data-handling policy.

      Latest Release

      v1.0.0

      Initial release of pdauth — Dynamic OAuth for AI agents

      - Enables AI agents to generate OAuth links for 2500+ APIs using Pipedream and authorize users.
      - Provides commands to connect apps, check user connection status, list tools, and call API tools on behalf of users.
      - Supports popular apps (Slack, Spotify, Notion, Google Sheets, Gmail, GitHub, etc.) with simple CLI commands.
      - Offers a workflow for user authorization and clear strategies for managing user identities.
      - Includes error handling guidance and usage tips for seamless integration.

      Published by @G9Pedro on ClawHub
