composio
Fail
Audited by Gen Agent Trust Hub on Mar 19, 2026
Risk Level: HIGH (REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS)
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill repeatedly instructs the user to install the Composio CLI using the command `curl -fsSL https://composio.dev/install | bash`. This pattern is a significant security risk as it downloads a script from a remote server and executes it directly in the shell without prior verification or auditing.
- [COMMAND_EXECUTION]: The skill's primary functionality relies on executing a wide range of shell commands through the `composio` CLI. Examples include `composio execute <TOOL_SLUG>`, `composio login`, and `composio search`. If an AI agent incorporates untrusted user input into these commands without rigorous sanitization, it could lead to arbitrary command injection on the host system.
- [EXTERNAL_DOWNLOADS]: The skill facilitates the installation of numerous external dependencies from public registries. This includes Python packages (e.g., `composio`, `composio-openai-agents`) and Node.js packages (e.g., `@composio/core`, `@composio/vercel`). While standard for such tools, these external dependencies introduce a supply chain risk surface.
- [REMOTE_CODE_EXECUTION]: A URL included in the documentation for local testing purposes, `https://abc123.ngrok.io/composio/triggers`, has been flagged by security scanners as malicious (Phishing). Although it appears to be a placeholder/example for webhook testing, the reputation of the specific subdomain is compromised.
Recommendations
- HIGH: Downloads and executes remote code from: https://composio.dev/install - DO NOT USE without thorough review
- AI detected serious security threats
- Contains 1 malicious URL(s) - DO NOT USE
Audit Metadata