Coda
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: coda-api Version: 1.0.1 The skill provides a legitimate integration for the Coda API via a managed OAuth proxy service (api.maton.ai). The code snippets in SKILL.md use standard Python libraries (urllib) to perform CRUD operations on Coda resources and manage connections. The documentation includes explicit safety instructions for the AI agent to require user approval for write operations, and no indicators of malicious intent, data exfiltration, or obfuscation were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using this skill can let the agent act against the connected Coda account within the allowed Coda resources.
The skill requires a sensitive Maton API key that authorizes access to the user's connected Coda account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a Maton/Coda connection you trust, confirm the selected connection when multiple accounts exist, and revoke the connection if you no longer need the skill.
Mistaken or overly broad requests could modify or delete Coda content.
The skill exposes high-impact Coda write and delete capabilities, but those capabilities are central to the stated purpose.
Use this skill when users want to read, create, update, or delete Coda docs, pages, tables, or rows.
Before approving any write or delete action, verify the target doc, page, table, row, and intended change.
Coda API requests and responses may pass through Maton's service as part of normal operation.
Coda API traffic and OAuth-mediated access are handled through the Maton gateway, so the user must trust that provider with the integration flow.
Maton proxies requests to `coda.io/apis/v1` and automatically injects your OAuth token.
Review Maton's trust/privacy posture before connecting sensitive Coda workspaces and use the `Maton-Connection` header when multiple connections exist.