pipa-triggers

Automates workflows triggered by external events in apps like GitHub, Linear, and Slack, enhancing productivity and responsiveness.

Install this skill

74/100

Security score

The pipa-triggers skill was audited on Jun 3, 2026 and we found 6 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 369

Template literal with variable interpolation in command context

SourceSKILL.md

369

```text

medium line 22

Webhook reference - potential data exfiltration

SourceSKILL.md

22	- Do not create broad OAuth scopes, arbitrary webhooks, or high-risk ongoing access without explicit user confirmation.

medium line 32

Webhook reference - potential data exfiltration

SourceSKILL.md

32	- a trigger, webhook, watcher, listener, or monitor tied to an external app event

medium line 213

Webhook reference - potential data exfiltration

SourceSKILL.md

213	6. If the catalog has no suitable trigger type, report that the provider trigger is not supported by the current Composio catalog. Do not create a direct app webhook as a workaround.

medium line 218

Webhook reference - potential data exfiltration

SourceSKILL.md

218	Do not create direct provider webhooks for this V1 flow. The gateway's `/webhooks/composio/triggers` endpoint accepts Composio-signed trigger webhooks and routes by Composio trigger instance ID. A nat

low line 357

External URL reference

SourceSKILL.md

357	- `PIPA_API_BASE_URL` - Base URL for the automation gateway, such as `https://api.pipa.io` or `http://localhost:4110` in local mode

Scanned on Jun 3, 2026

View Security Dashboard

Installation guide →

GitHub Stars 1

Rate this skill

Categorymarketing

UpdatedJune 15, 2026

openclaw api growth-marketer product-manager sdr customer-success-manager business-development github linear slack marketing product sales

lunchpaillola/pipa-skills