Asana
Asana API integration with managed OAuth. Access tasks, projects, workspaces, users, and manage webhooks. Use this skill when users want to manage work items, track projects, or integrate with Asana workflows. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 5 · 15.8k · 6 current installs · 8 all-time installs
MIT-0
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description claim Asana API integration and the SKILL.md shows calls to a Maton gateway (gateway.maton.ai, ctrl.maton.ai) to manage Asana resources. Requiring a MATON_API_KEY is consistent with a managed OAuth gateway.
Instruction Scope
Instructions are limited to HTTP calls to Maton endpoints, examples for listing/creating connections and calling proxied Asana endpoints, and using the MATON_API_KEY. The skill does not instruct reading local files, unrelated env vars, or sending data to unexpected domains (all examples target maton.* or connect.maton.ai).
Install Mechanism
No install spec or code is included (instruction-only), so nothing is written to disk or fetched at install time. This is low-risk for install-time code execution.
Credentials
The only required env var is MATON_API_KEY, which matches the gateway-based design. However, that key likely grants Maton broad access to proxied Asana connections and webhooks — granting it is effectively delegating access to your Asana data to a third party. Also, the registry entry lacks a homepage/source URL to verify the vendor.
Persistence & Privilege
The skill does not request always:true, has no install actions, and is user-invocable. It does not attempt to modify other skills or system configs.
Assessment
This skill appears to do what it says: it uses a Maton gateway to talk to Asana and needs a single MATON_API_KEY. Before installing, confirm you trust maton.ai (verify the domain, company information, and privacy/security practices) because the API key delegates access to Asana data and connections. Prefer creating a least-privilege Maton API key or a dedicated account, review and revoke any Maton connections in your Asana account after testing, and verify the gateway endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) are legitimate and use HTTPS. If you need higher assurance, ask the publisher for a homepage or source repository and inquire what scopes the MATON_API_KEY grants and how Maton stores tokens and webhooks.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.3
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
EnvMATON_API_KEY
SKILL.md
Asana
Access the Asana API with managed OAuth authentication. Manage tasks, projects, workspaces, users, and webhooks for work management.
Quick Start
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=PROJECT_GID')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Base URL
https://gateway.maton.ai/asana/{native-api-path}
Replace {native-api-path} with the actual Asana API endpoint path. The gateway proxies requests to app.asana.com and automatically injects your OAuth token.
Authentication
All requests require the Maton API key in the Authorization header:
Authorization: Bearer $MATON_API_KEY
Environment Variable: Set your API key as MATON_API_KEY:
export MATON_API_KEY="YOUR_API_KEY"
Getting Your API Key
- Sign in or create an account at maton.ai
- Go to maton.ai/settings
- Copy your API key
Connection Management
Manage your Asana OAuth connections at https://ctrl.maton.ai.
List Connections
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=asana&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create Connection
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'asana'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Get Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"connection": {
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
"status": "ACTIVE",
"creation_time": "2025-12-08T07:20:53.488460Z",
"last_updated_time": "2026-01-31T20:03:32.593153Z",
"url": "https://connect.maton.ai/?session_token=...",
"app": "asana",
"metadata": {}
}
}
Open the returned url in a browser to complete OAuth authorization.
Delete Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Specifying Connection
If you have multiple Asana connections, specify which one to use with the Maton-Connection header:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=PROJECT_GID')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
If omitted, the gateway uses the default (oldest) active connection.
API Reference
Tasks
Get Multiple Tasks
GET /asana/api/1.0/tasks
Query parameters:
project- Project GID to filter tasksassignee- User GID or "me" for assigned tasksworkspace- Workspace GID (required if no project specified)completed_since- ISO 8601 date to filter tasks completed after this dateopt_fields- Comma-separated list of fields to include
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=1234567890&opt_fields=name,completed,due_on')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Review quarterly report",
"completed": false,
"due_on": "2025-03-15"
}
]
}
Get a Task
GET /asana/api/1.0/tasks/{task_gid}
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks/1234567890')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create a Task
POST /asana/api/1.0/tasks
Content-Type: application/json
{
"data": {
"name": "New task",
"projects": ["PROJECT_GID"],
"assignee": "USER_GID",
"due_on": "2025-03-20",
"notes": "Task description here"
}
}
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'name': 'Complete API integration', 'projects': ['1234567890'], 'due_on': '2025-03-20'}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Update a Task
PUT /asana/api/1.0/tasks/{task_gid}
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'completed': True}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks/1234567890', data=data, method='PUT')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Delete a Task
DELETE /asana/api/1.0/tasks/{task_gid}
Get Tasks from a Project
GET /asana/api/1.0/projects/{project_gid}/tasks
Get Subtasks
GET /asana/api/1.0/tasks/{task_gid}/subtasks
Create Subtask
POST /asana/api/1.0/tasks/{task_gid}/subtasks
Content-Type: application/json
{
"data": {
"name": "Subtask name",
"assignee": "USER_GID",
"due_on": "2025-03-20"
}
}
Search Tasks (Premium)
Note: This endpoint requires an Asana Premium subscription.
GET /asana/api/1.0/workspaces/{workspace_gid}/tasks/search
Query parameters:
text- Text to search forassignee.any- Filter by assigneesprojects.any- Filter by projectscompleted- Filter by completion status
Projects
Get Multiple Projects
GET /asana/api/1.0/projects
Query parameters:
workspace- Workspace GIDteam- Team GIDopt_fields- Comma-separated list of fields
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/projects?workspace=1234567890&opt_fields=name,owner,due_date')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Q1 Marketing Campaign",
"owner": {
"gid": "0987654321",
"name": "Alice Johnson"
},
"due_date": "2025-03-31"
}
]
}
Get a Project
GET /asana/api/1.0/projects/{project_gid}
Create a Project
POST /asana/api/1.0/projects
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'name': 'New Project', 'workspace': '1234567890', 'notes': 'Project description'}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/projects', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Update a Project
PUT /asana/api/1.0/projects/{project_gid}
Delete a Project
DELETE /asana/api/1.0/projects/{project_gid}
Workspaces
Get Multiple Workspaces
GET /asana/api/1.0/workspaces
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/workspaces')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Acme Corp",
"is_organization": true
}
]
}
Get a Workspace
GET /asana/api/1.0/workspaces/{workspace_gid}
Update a Workspace
PUT /asana/api/1.0/workspaces/{workspace_gid}
Add User to Workspace
POST /asana/api/1.0/workspaces/{workspace_gid}/addUser
Remove User from Workspace
POST /asana/api/1.0/workspaces/{workspace_gid}/removeUser
Users
Get Multiple Users
GET /asana/api/1.0/users
Query parameters:
workspace- Workspace GID to filter users
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/users?workspace=1234567890&opt_fields=name,email')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": [
{
"gid": "1234567890",
"name": "Alice Johnson",
"email": "alice.johnson@acme.com"
}
]
}
Get Current User
GET /asana/api/1.0/users/me
Get a User
GET /asana/api/1.0/users/{user_gid}
Get Users in a Team
GET /asana/api/1.0/teams/{team_gid}/users
Get Users in a Workspace
GET /asana/api/1.0/workspaces/{workspace_gid}/users
Webhooks
Get Multiple Webhooks
GET /asana/api/1.0/webhooks
Query parameters:
workspace- Workspace GID (required)resource- Resource GID to filter by
Example:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/webhooks?workspace=1234567890')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create Webhook
Note: Asana verifies the target URL is reachable and responds with a 200 status during webhook creation.
POST /asana/api/1.0/webhooks
Content-Type: application/json
{
"data": {
"resource": "PROJECT_OR_TASK_GID",
"target": "https://example.com/webhook",
"filters": [
{
"resource_type": "task",
"action": "changed",
"fields": ["completed", "due_on"]
}
]
}
}
Example:
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'data': {'resource': '1234567890', 'target': 'https://example.com/webhook'}}).encode()
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/webhooks', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"data": {
"gid": "1234567890",
"resource": {
"gid": "1234567890",
"name": "Q1 Project"
},
"target": "https://example.com/webhook",
"active": true
}
}
Get a Webhook
GET /asana/api/1.0/webhooks/{webhook_gid}
Update a Webhook
PUT /asana/api/1.0/webhooks/{webhook_gid}
Delete a Webhook
DELETE /asana/api/1.0/webhooks/{webhook_gid}
Returns 200 OK with empty data on success.
Pagination
Asana uses cursor-based pagination. Use offset for pagination:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/asana/api/1.0/tasks?project=1234567890&limit=50&offset=OFFSET_TOKEN')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response includes next_page when more results exist:
{
"data": [...],
"next_page": {
"offset": "eyJ0eXBlIjoib2Zmc2V0IiwidmFsdWUiOjUwfQ",
"path": "/tasks?project=1234567890&limit=50&offset=eyJ0eXBlIjoib2Zmc2V0IiwidmFsdWUiOjUwfQ",
"uri": "https://app.asana.com/api/1.0/tasks?project=1234567890&limit=50&offset=eyJ0eXBlIjoib2Zmc2V0IiwidmFsdWUiOjUwfQ"
}
}
Code Examples
JavaScript
const response = await fetch(
'https://gateway.maton.ai/asana/api/1.0/tasks?project=1234567890',
{
headers: {
'Authorization': `Bearer ${process.env.MATON_API_KEY}`
}
}
);
const data = await response.json();
Python
import os
import requests
response = requests.get(
'https://gateway.maton.ai/asana/api/1.0/tasks',
headers={'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'},
params={'project': '1234567890'}
)
data = response.json()
Notes
- Resource IDs (GIDs) are strings
- Timestamps are in ISO 8601 format
- Use
opt_fieldsto specify which fields to return - Workspaces are the highest-level organizational unit
- Organizations are specialized workspaces representing companies
- IMPORTANT: When using curl commands, use
curl -gwhen URLs contain brackets (fields[],sort[],records[]) to disable glob parsing - IMPORTANT: When piping curl output to
jqor other commands, environment variables like$MATON_API_KEYmay not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.
Error Handling
| Status | Meaning |
|---|---|
| 400 | Bad request or missing Asana connection |
| 401 | Invalid or missing Maton API key |
| 403 | Forbidden - insufficient permissions |
| 404 | Resource not found |
| 429 | Rate limited |
| 4xx/5xx | Passthrough error from Asana API |
Troubleshooting: API Key Issues
- Check that the
MATON_API_KEYenvironment variable is set:
echo $MATON_API_KEY
- Verify the API key is valid by listing connections:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Troubleshooting: Invalid App Name
- Ensure your URL path starts with
asana. For example:
- Correct:
https://gateway.maton.ai/asana/api/1.0/tasks - Incorrect:
https://gateway.maton.ai/api/1.0/tasks
Resources
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…