Skill v1.0.0

ClawScan security

Api Gateway 1.0.70 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 22, 2026, 1:22 PM)

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's functionality and required credential (MATON_API_KEY) match its description as an API gateway, but packaging/metadata inconsistencies and the broad privileges that a single Maton API key grants warrant caution before installing.
Guidance
This skill appears to be a documented Maton API gateway and only requires a MATON_API_KEY to operate. Before installing:
(1) Confirm the skill publisher and owner identity (there are metadata/version mismatches in the packaged files that look like sloppy packaging).
(2) Understand that the MATON_API_KEY is powerful — it permits the skill to proxy requests to any third‑party service your Maton account has connected, so remove or restrict unneeded connections first.
(3) Limit the API key's scope and rotate it after use where possible.
(4) If you rely on strict data controls, review which services are connected in your Maton account and consider creating a separate Maton account/key for this integration.
(5) If the metadata mismatches (ownerId and version differences) worry you, ask the registry maintainer or the publisher (maton.ai) for provenance/packaging clarification before proceeding.

Review Dimensions

Purpose & Capability: ok
Name/description describe a passthrough API gateway; SKILL.md only asks for MATON_API_KEY and shows calls to Maton gateway/control URLs — these are coherent with the declared purpose (proxying many third‑party APIs via Maton).
Instruction Scope: note
Runtime instructions limit actions to calling Maton endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) and using MATON_API_KEY. That stays within the stated purpose. However, the gateway lets the agent make arbitrary proxied requests to any third‑party APIs the Maton account has connections for, which is a powerful capability: the agent could read or modify data in any connected service. SKILL.md does not instruct the agent to read local files or other env vars.
Install Mechanism: ok
Instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by an installer, which is a low technical risk.
Credentials: concern
Only one environment variable is required (MATON_API_KEY), which is proportionate to a managed-gateway integration. But that single key can be high‑value: possession of it lets the holder call the gateway on behalf of the Maton account and access any third‑party connections already authorized in that account. Ensure the key is scoped, rotated, and limited where possible.
Persistence & Privilege: ok
always:false and no special OS/config paths requested. Model invocation is allowed (default) — that is normal. Note: autonomous invocation combined with the gateway's broad access increases the potential blast radius, but the skill does not request privileged platform flags like always:true.