ClawHub

Box

v1.0.2

Box API integration with managed OAuth. Manage files, folders, collaborations, and cloud storage. Use this skill when users want to upload, download, share, or organize files and folders in Box. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway). Requires network access and valid Maton API key.

3· 3.5k·2 current·2 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Box API with managed OAuth) matches the actions shown in SKILL.md. The only required secret is MATON_API_KEY, which is appropriate for a gateway/proxy-based integration.
Instruction Scope
All runtime instructions are HTTP calls to Maton endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) using the declared MATON_API_KEY. The instructions do not request unrelated files, system state, or other environment variables.
Install Mechanism
No install spec and no code files beyond docs — instruction-only skill. This minimizes disk-written code and executable install risk.
Credentials
Only MATON_API_KEY is required, which is proportionate to using a managed gateway/OAuth proxy. Note: that key gives the gateway access to Box on behalf of the user, so it is a powerful credential and should be protected.
Persistence & Privilege
always is false and the skill is user-invocable; autonomous invocation is allowed (platform default) but is not combined with other concerning privileges. The skill does not request persistent system-wide configuration changes.
Assessment
This skill looks coherent and minimal, but before installing: (1) Confirm you trust the Maton service (gateway.maton.ai / ctrl.maton.ai / connect.maton.ai) because your MATON_API_KEY grants it access to Box on your behalf. (2) Keep the MATON_API_KEY secret, and use least-privilege / rotate/revoke the key if you stop using the skill. (3) Because the skill is instruction-only (no shipped code), there is less risk of hidden local code, but network requests go to external Maton domains — verify those domains are official for your organization. (4) If you need to restrict autonomous access, only enable the skill when explicitly invoked by a user.

Like a lobster shell, security has layers — review code before you run it.

latestvk97crgbtwxxtt6w7p5y0h7ydad80wwga

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments