Attio
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a disclosed Attio CRM integration through Maton OAuth; it can access and change CRM data, so writes should be approved carefully.
This skill appears coherent for Attio CRM work. Install or use it only if you trust Maton as the OAuth/API gateway, keep the MATON_API_KEY private, confirm the intended Attio connection, and carefully review any create, update, or delete operation before approving it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If a user approves the wrong operation, CRM records, tasks, notes, lists, or related business data could be changed or deleted.
The skill exposes high-impact CRM mutation operations, but the artifact discloses them and requires user approval before writes.
Use this skill when users want to create, read, update, or delete records in Attio... **All write operations require explicit user approval.**
Before approving any create, update, or delete request, verify the target Attio account, resource, record ID, and intended effect.
Anyone with the Maton API key and active connection may be able to act on the connected Attio CRM within the granted scope.
The skill requires a sensitive Maton API key and uses delegated OAuth access to the connected Attio workspace, which is expected for this integration but important to understand.
All requests require the Maton API key in the Authorization header... Authorization: Bearer $MATON_API_KEY ... Maton proxies requests to `api.attio.com` and automatically injects your OAuth token.
Keep MATON_API_KEY secret, connect only the intended Attio workspace, revoke unused connections, and use the Maton-Connection header when multiple accounts exist.
CRM data, including people, companies, notes, meetings, or other workspace data requested through the skill, may transit Maton as part of the integration.
Attio CRM requests and responses are routed through the Maton gateway before reaching Attio, so CRM data crosses that third-party service boundary.
https://api.maton.ai/attio/{native-api-path} ... Maton proxies requests to `api.attio.com`
Use the skill only if you trust Maton to handle the connected CRM data, and avoid sending unnecessary sensitive fields in requests.
