npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2026 – Pkg Stats / Ryan Hefner

@srmcguirt/openclaw-composio

v0.1.0

Published

OpenClaw plugin exposing Composio's tool catalog as agent tools

Downloads

70

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Maintainers

srmcguirtsrmcguirt

Keywords

Readme

@srmcguirt/openclaw-composio

OpenClaw plugin exposing Composio's tool catalog (Gmail, Slack, GitHub, Notion, Linear, ~800+ toolkits) as callable agent tools.

Install

openclaw plugins install @srmcguirt/openclaw-composio

Configure

  1. Get a Composio API key at https://platform.composio.dev
  2. For each toolkit you want to use, create an auth config in the Composio dashboard and capture its id (ac_...)
  3. Set the API key and config:
export COMPOSIO_API_KEY=ck_xxx
openclaw config set composio.toolkits '["github","gmail"]'
openclaw config set composio.authConfigIds '{"github":"ac_111","gmail":"ac_222"}'

Multi-user (shared machine)

By default, userIdStatic is empty so the plugin refuses to call any tool until you identify yourself in the current session:

/composio whoami shane
/composio connect github

This prevents one user accidentally operating another's connected accounts on a shared OpenClaw install.

For single-user installs, set userIdStatic once and skip whoami.

⚠️ Agent impersonation risk

Because OpenClaw's plugin-sdk does not yet expose a slash-command registration API, the /composio whoami command is implemented as a tool (cmp_command) that the LLM agent can invoke on its own. On a shared machine, a rogue or mistaken agent could theoretically switch user contexts without human input.

Mitigations in place:

  • First-time whoami sets the user; subsequent switches to a DIFFERENT user require force: true
  • Force-overrides emit a warn-level log line for audit
  • If the plugin-sdk later gains a real registerCommand API, we'll migrate whoami off the tool surface

Until then: prefer single-user installs, or use userIdSource: "profile"/"env" to tie identity to OpenClaw profile / env var rather than a session toggle.

Slash commands

  • /composio whoami <userId> — set active user for this session
  • /composio connect <toolkit> — start OAuth for a toolkit
  • /composio list — list connected accounts for current user
  • /composio disconnect <connectedAccountId> — revoke a connection
  • /composio refresh — re-fetch tool catalog from Composio (new tools require restart; removed tools disabled immediately)
  • /composio status — show plugin state

Note: the current openclaw/plugin-sdk does not expose a slash-command registration API; these commands are invoked via the cmp_command dispatcher tool until the SDK gains registerCommand support.

Pre-publish checklist

  • [ ] Install plugin into a fresh OpenClaw instance via openclaw plugins install
  • [ ] Set COMPOSIO_API_KEY, configure one toolkit (github)
  • [ ] Boot OpenClaw; confirm tools registered (log check + agent palette)
  • [ ] Run /composio whoami <name>
  • [ ] Run /composio connect github; complete OAuth in browser
  • [ ] Invoke one read-only tool (e.g. ask the agent "list my GitHub repos"); verify success
  • [ ] Add another toolkit in config; run /composio refresh; verify diff output
  • [ ] Run npm run test:live with a real API key to confirm SDK boundary intact
  • [ ] Verify upstream pull on the openclaw fork stays clean: cd c:/git/openclaw && git pull upstream main

Development

npm install
npm test                  # unit + integration (mocked SDK)
npm run test:coverage
npm run test:live         # gated by COMPOSIO_LIVE_TEST=1; needs COMPOSIO_API_KEY
npm run build
npm run typecheck

License

MIT