Description

Connect your AI agent to 1000+ apps — discover tools, manage OAuth connections, execute actions, and provide a self-service connector dashboard.

README (SKILL.md)

App Connectors — Connect Your Agent to 1000+ Apps

Name: App Connectors
Author: ts-sz

Connect your AI agent to Gmail, Slack, GitHub, Notion, Google Calendar, LinkedIn, HubSpot, Stripe, and 1000+ more apps via Composio OAuth.

Setup

On first use, check credentials:

# Check environment variables
[ -n "$COMPOSIO_API_KEY" ] && echo "✅ API key" || echo "⏳ Not set"

Required:

COMPOSIO_API_KEY — Project-scoped API key from Composio

If not in env, check the framework's secrets provider (vault, secrets.json, .env). If missing, stop and report to the operator.

API Reference

Base URL: https://backend.composio.dev/api Auth header: x-api-key: $COMPOSIO_API_KEY

List Connected Apps

Use the v1 REST API to get all active connections for the current entity:

curl -s "https://backend.composio.dev/api/v1/connectedAccounts?user_uuid=default&showActiveOnly=true" \
  -H "x-api-key: $COMPOSIO_API_KEY"

Returns { "items": [...] } — each item has appName, status, id.

Discover Tools (COMPOSIO_SEARCH_TOOLS)

Find the right tool for a task. Returns matching tools, schemas, connection status, and execution plan.

curl -s -X POST "https://backend.composio.dev/api/v3/tools/execute/COMPOSIO_SEARCH_TOOLS" \
  -H "x-api-key: $COMPOSIO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "arguments": {
      "queries": [
        {
          "use_case": "send an email via gmail",
          "known_fields": "recipient_name: John"
        }
      ],
      "session": { "generate_id": true }
    }
  }'

Key fields in response:

primary_tool_slugs — best matching tools
tool_schemas — input schemas for each tool
toolkit_connection_statuses — whether there's an active connection
known_pitfalls — common mistakes to avoid

Rules:

1 query = 1 tool action (max 7 queries per call)
Include the app name in the query when the user specifies one
Reuse session.id from the first response in subsequent calls

Connect an App (COMPOSIO_MANAGE_CONNECTIONS)

If has_active_connection is false, or the user wants to connect a new app:

curl -s -X POST "https://backend.composio.dev/api/v3/tools/execute/COMPOSIO_MANAGE_CONNECTIONS" \
  -H "x-api-key: $COMPOSIO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "arguments": {
      "toolkits": ["gmail"]
    }
  }'

Response statuses:

active — ready to use, no action needed
initiated — returns redirect_url → send to user to complete OAuth
failed — error (often: wrong toolkit slug)

Common toolkit slugs: gmail, outlook, slack, github, notion, clickup, linkedin, googlecalendar, googledrive, googlesheets, jira, trello, hubspot, figma, discord, airtable, stripe, youtube, calendly, supabase, asana, dropbox, twitter

Note: slugs are lowercase, no underscores (e.g. googlecalendar not google_calendar).

Execute Tools (COMPOSIO_MULTI_EXECUTE_TOOL)

Only after connection is active:

curl -s -X POST "https://backend.composio.dev/api/v3/tools/execute/COMPOSIO_MULTI_EXECUTE_TOOL" \
  -H "x-api-key: $COMPOSIO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "arguments": {
      "tools": [
        {
          "tool_slug": "GMAIL_SEND_EMAIL",
          "arguments": {
            "to": "[email protected]",
            "subject": "Hello",
            "body": "Welcome!"
          }
        }
      ],
      "sync_response_to_workbench": false
    }
  }'

Rules:

Never invent tool slugs or argument fields — only use what SEARCH_TOOLS returned
Batch independent tools in a single call (max 50)
Verify connection is active before executing

Get Full Schemas (COMPOSIO_GET_TOOL_SCHEMAS)

When SEARCH_TOOLS returns a schemaRef instead of full input_schema:

curl -s -X POST "https://backend.composio.dev/api/v3/tools/execute/COMPOSIO_GET_TOOL_SCHEMAS" \
  -H "x-api-key: $COMPOSIO_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "arguments": {
      "tool_slugs": ["GMAIL_SEND_EMAIL"]
    }
  }'

/apps Command

When the user types /apps:

List connected apps using the v1 REST API (/v1/connectedAccounts?user_uuid=default&showActiveOnly=true)
Display as a clean list — one line per app, 🟢 prefix, human-readable name:
```
🟢 Gmail
🟢 LinkedIn
🟢 ClickUp
🟢 Notion
```
If none connected: "No apps connected yet."
End with a prompt: "To connect a new app, type its name."
When the user types an app name, call COMPOSIO_MANAGE_CONNECTIONS with the matching slug, get the redirect_url, and send it as a clickable link.

Display name mapping (slug → display): gmail → Gmail, outlook → Outlook, googlecalendar → Google Calendar, googledrive → Google Drive, googlesheets → Google Sheets, linkedin → LinkedIn, notion → Notion, clickup → ClickUp, slack → Slack, github → GitHub, jira → Jira, trello → Trello, hubspot → HubSpot, figma → Figma, discord → Discord, airtable → Airtable, stripe → Stripe, youtube → YouTube, calendly → Calendly, supabase → Supabase, asana → Asana, dropbox → Dropbox, twitter → Twitter/X, shopify → Shopify

For unknown slugs, capitalize the first letter.

Agent Commands

User says	What to do
`/apps`	List connected apps → prompt to connect
"Connect Slack"	`MANAGE_CONNECTIONS` with `["slack"]` → send OAuth link
"Send an email to X"	`SEARCH_TOOLS` → check connection → `MULTI_EXECUTE_TOOL`
"Disconnect Slack"	Use `MANAGE_CONNECTIONS`

References

Composio Docs

Usage Guidance

What to consider before installing: - The runtime docs require COMPOSIO_API_KEY, but the registry metadata did NOT declare any required env vars — ask the publisher to update metadata to explicitly require COMPOSIO_API_KEY before trusting the skill. - The skill's API calls go to https://backend.composio.dev; verify that this domain and the Composio service are legitimate for your organization and that you trust the operator who will receive OAuth redirect completions. - The SKILL.md suggests checking generic secret stores (vault, .env, secrets.json). Confirm how your agent/framework restricts secret access; do NOT give the agent blanket access to your vault or all secrets — restrict it to a specific project-scoped Composio key if possible. - Because this is instruction-only, there is no installer risk, but the key itself will authorize the agent to manage OAuth connections and execute actions. Limit the key's scope and lifespan (use project-scoped keys, rotate/revoke when not needed). - If you need higher confidence: request an official homepage or publisher contact, a documented privacy/security policy for Composio, and an updated registry entry that declares the COMPOSIO_API_KEY requirement and the exact scopes/permissions the key grants. Confidence is medium because the skill's behavior is coherent for a connector, but the metadata omission and the broad guidance to search secret stores create a non-trivial risk.

Capability Assessment

⚠ Purpose & Capability

The SKILL.md describes an app-connector that uses a Composio OAuth backend — this aligns with the name/description. However, the registry metadata lists no required environment variables while the instructions explicitly require COMPOSIO_API_KEY. That metadata/instruction mismatch is an incoherence (the skill will not function without the API key but the package does not declare it).

⚠ Instruction Scope

Instructions are specific about API endpoints, calls, and required request fields and stay within the connector use case. However, they also tell the agent to check the framework's secrets provider (vault, secrets.json, .env) if the env var is missing — that broad guidance potentially expands scope to read arbitrary secret stores and other secrets beyond the single Composio key.

✓ Install Mechanism

Instruction-only skill with no install spec or code files — lowest install risk. Nothing is written to disk by an installer.

⚠ Credentials

Runtime requires a single API key (COMPOSIO_API_KEY) which is reasonable for this connector. But the metadata did not declare it, and the instructions explicitly advise searching generic secret stores, which could lead to accessing unrelated credentials. The requested environment/secret access should be declared explicitly and limited to the Composio key.

✓ Persistence & Privilege

No always:true, no install-time persistence, and no configuration paths claimed. The skill does instruct sending OAuth redirect URLs to users, which is expected for connectors and not a privilege escalation by itself.

Version History

v5.0.1

v5.0.1: Simplify to in-chat flow. Drop dashboard dependency. /apps shows clean list via v1 API. User types app name to connect. Framework-agnostic.

v4.1.1

- Removed files: README.md and meta.json have been deleted from the project. - No changes to code or skill documentation (SKILL.md remains unchanged). - Version number in SKILL.md remains 5.0.0 despite the skill version being 4.1.1.

v5.0.0

Auto-published from GitHub

v4.1.0

Auto-published from GitHub

v4.0.3

Fixed: removed all old registry references

v4.0.2

README clarifies Composio setup and env vars

v4.0.1

Initial ClawHub release

Metadata

Slug app-connectors

Version 5.0.1

License MIT-0

All-time Installs 1

Active Installs 1

Total Versions 7

Frequently Asked Questions

What is App Connectors?

Connect your AI agent to 1000+ apps — discover tools, manage OAuth connections, execute actions, and provide a self-service connector dashboard. It is an AI Agent Skill for Claude Code / OpenClaw, with 145 downloads so far.

How do I install App Connectors?

Run "/install app-connectors" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is App Connectors free?

Yes, App Connectors is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does App Connectors support?

App Connectors is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created App Connectors?

It is built and maintained by ts-sz (@ts-sz); the current version is v5.0.1.

More Skills

App Connectors