connect-apps
Audited by Socket on Feb 15, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected

The manifest describes a legitimate-seeming plugin that enables an agent to perform actions across many services by routing through Composio. The provided text contains no explicit malware or obvious backdoor code, but it raises meaningful supply-chain and privacy/trust concerns: a single third-party broker (Composio) would receive or mediate high-privilege credentials and action payloads, and the documentation provides no guarantees about token handling, storage, encryption, or retention. Treat this as a high-privilege integration that requires careful review of the plugin code and Composio's security practices before use.

LLM verification: This skill's README describes a legitimate-sounding managed integration (Composio Tool Router) that enables an AI agent to act across many apps. The primary security concern is architectural: sensitive OAuth tokens and user data are centralized at a third-party service (Composio) without published implementation or security details in the artifact. There is no direct evidence in the provided text of obfuscated or malicious code, hard-coded secrets, or active exfiltration. However, because of the