Calendly
ReviewAudited by ClawScan on May 1, 2026.
Overview
This appears to be a coherent Calendly integration, but it uses a Maton API key and OAuth proxy to access scheduling data and perform user-approved account changes.
Use this skill only if you intend to connect Calendly through Maton. Protect the MATON_API_KEY, verify the Maton connection and selected Calendly account, and only approve write operations such as webhook or connection changes after checking the exact target and effect.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with this key could potentially access the connected Calendly data and permitted Calendly actions through Maton.
The skill requires a bearer API key that grants access to the user's managed Calendly OAuth connection.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the MATON_API_KEY securely, use the intended Maton/Calendly account, and rotate or revoke the key if it may have been exposed.
Approved write calls could change Calendly integrations, OAuth connections, or webhook behavior in the user's account.
The skill includes mutating Calendly/Maton operations such as creating or deleting connections and managing webhooks, while also requiring explicit approval.
**All write operations require explicit user approval.** Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Before approving any create, update, or delete request, confirm the target account, resource ID, destination URL if applicable, and expected effect.
Calendly scheduling data, invitee details, and webhook management requests may pass through the Maton service.
Calendly API traffic and OAuth-mediated access flow through the Maton gateway rather than directly to Calendly.
Maton proxies requests to `api.calendly.com` and automatically injects your OAuth token.
Verify that Maton is the intended provider and that its privacy, retention, and account-connection settings meet your needs.
Users have less registry-level information for independently verifying the publisher and integration before granting account access.
The registry metadata does not provide a source repository or homepage, which limits provenance verification for a credentialed third-party integration.
Source: unknown; Homepage: none
Confirm the publisher and Maton service out of band before connecting a Calendly account or entering a MATON_API_KEY.