Coda
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Coda integration that clearly discloses its need for Maton/Coda credentials and Coda CRUD access, with explicit approval required for writes.
This skill appears reasonable for managing Coda through Maton. Before installing, make sure you trust Maton with the connected Coda account, use the correct connection if you have multiple accounts, and carefully approve any create, update, or delete operation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using this skill can let the agent act against the connected Coda account within the allowed Coda resources.
The skill requires a sensitive Maton API key that authorizes access to the user's connected Coda account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a Maton/Coda connection you trust, confirm the selected connection when multiple accounts exist, and revoke the connection if you no longer need the skill.
Mistaken or overly broad requests could modify or delete Coda content.
The skill exposes high-impact Coda write and delete capabilities, but those capabilities are central to the stated purpose.
Use this skill when users want to read, create, update, or delete Coda docs, pages, tables, or rows.
Before approving any write or delete action, verify the target doc, page, table, row, and intended change.
Coda API requests and responses may pass through Maton's service as part of normal operation.
Coda API traffic and OAuth-mediated access are handled through the Maton gateway, so the user must trust that provider with the integration flow.
Maton proxies requests to `coda.io/apis/v1` and automatically injects your OAuth token.
Review Maton's trust/privacy posture before connecting sensitive Coda workspaces and use the `Maton-Connection` header when multiple connections exist.