Asana

Review

Audited by ClawScan on May 7, 2026.

Overview

This appears to be a coherent Asana integration, but users should understand that it uses Maton-managed OAuth to access and potentially change Asana work data and webhooks.

Before installing or using this skill, make sure you trust Maton to broker Asana access, connect only the intended Asana account, and require clear confirmation before any write, delete, connection, or webhook action.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill is granting Maton-mediated access to Asana resources available under the connected account.

Why it was flagged

The skill uses delegated Asana OAuth access through Maton, which is expected for this integration but gives the service authenticated access to the connected Asana account.

Skill content

Maton proxies requests to `app.asana.com` and automatically injects your OAuth token.

Recommendation

Connect only the intended Asana account/workspace, review OAuth permissions during authorization, and revoke the connection when it is no longer needed.

What this means

Approved actions could create, modify, or delete Asana tasks, projects, connections, or related resources.

Why it was flagged

The skill can perform write operations against Asana, which can change or delete work data. The explicit approval requirement reduces the risk and makes this purpose-aligned.

Skill content

**All write operations require explicit user approval.** Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.

Recommendation

Confirm the exact Asana resource and intended change before allowing any create, update, or delete action.

What this means

Asana request and response data may pass through Maton’s API gateway as part of normal operation.

Why it was flagged

Asana requests are routed through a third-party gateway rather than directly to Asana. This is disclosed and central to the managed OAuth design, but users should be aware of the data boundary.

Skill content

Base URL: `https://api.maton.ai/asana/{native-api-path}`

Recommendation

Use this only if you are comfortable with Maton brokering Asana API traffic, and avoid sending unnecessary sensitive Asana data through broad raw API calls.

What this means

Installing the CLI allows software from the package source to run locally on the user’s machine.

Why it was flagged

The skill recommends a user-directed global CLI installation from an external package source. This is expected for the documented workflow, but it is outside the provided instruction-only artifact.

Skill content

npm install -g @maton-ai/cli

Recommendation

Install the CLI only from the official Maton package source, verify the package name, and keep it updated.

What this means

A webhook could continue sending Asana event notifications until removed.

Why it was flagged

Webhook management can create persistent external integrations that continue after the immediate request. This is disclosed and aligned with Asana workflow automation.

Skill content

Manage tasks, projects, workspaces, users, and webhooks for work management.

Recommendation

Approve webhook creation only for known destinations and periodically review/delete webhooks that are no longer needed.