Cal.com
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Cal.com integration that uses a Maton API key and managed OAuth to read and change scheduling data, with write actions explicitly requiring user approval.
Install if you are comfortable allowing Maton-managed OAuth access to your Cal.com account. Keep the API key secret, confirm the connected account before use, and approve write operations only after checking the exact scheduling change.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the key or connection is misused, actions could be taken against the connected Cal.com account.
The skill uses a Maton API key and delegated OAuth access to act on a connected Cal.com account. This is expected for the integration, but it is still account-level authority.
All requests require the Maton API key in the Authorization header ... Maton proxies requests to `api.cal.com` and automatically injects your OAuth token.
Keep MATON_API_KEY private, connect only the intended Cal.com account, use the Maton-Connection header when multiple accounts exist, and revoke connections that are no longer needed.
Approved write actions can change bookings, schedules, event types, or related Cal.com configuration.
The skill exposes API operations that can modify scheduling resources, but it also clearly requires user confirmation before writes.
Create and manage event types, bookings, schedules, calendars, and webhooks. ... **All write operations require explicit user approval.**
Before approving any write action, verify the target account, resource, and exact intended change.
Scheduling data, profile details, and booking-related requests may pass through Maton's service.
Cal.com API requests and responses are routed through Maton's gateway rather than directly to Cal.com. This provider-mediated data flow is disclosed and central to the managed OAuth design.
Base URL ... `https://api.maton.ai/cal-com/v2/{resource}` ... Maton proxies requests to `api.cal.com`Use this skill only if you trust Maton as the OAuth/API gateway for your Cal.com account data.