connect-apps

[Skill Scanner] Natural language instruction to download and install from URL detected Benign in intent with a standard integration pattern, but requires explicit security controls in implementation: scoped permissions, secure storage and rotation of API keys/tokens, robust auditing, and clear user consent. The design should avoid hardcoded secrets and ensure least privilege across all connected apps. LLM verification: This skill's README describes a legitimate-sounding managed integration (Composio Tool Router) that enables an AI agent to act across many apps. The primary security concern is architectural: sensitive OAuth tokens and user data are centralized at a third-party service (Composio) without published implementation or security details in the artifact. There is no direct evidence in the provided text of obfuscated or malicious code, hard-coded secrets, or active exfiltration. However, because of the