ClawHub

Cognito Forms

v1.0.2

Cognito Forms API integration with managed OAuth. Access forms, entries, and documents. Use this skill when users want to create, read, update, or delete form entries, or retrieve form submissions. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

3· 3.3k·0 current·0 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description say it proxies Cognito Forms via a managed OAuth gateway and the SKILL.md only requires MATON_API_KEY and uses gateway.maton.ai / ctrl.maton.ai endpoints — this is coherent with the stated purpose. No unrelated services, binaries, or config paths are requested.
Instruction Scope
Runtime instructions are limited to making HTTP calls to Maton endpoints to list forms, manage entries, and manage OAuth connections; they instruct opening an OAuth url in a browser. The instructions do not direct reading arbitrary system files, other env vars, or exfiltrating data to unknown hosts beyond the Maton gateway.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes disk-write/execute risk; nothing is downloaded or installed.
Credentials
Only a single environment variable (MATON_API_KEY) is required, which is appropriate because the skill routes requests through Maton-managed OAuth. No unrelated credentials or broad filesystem config paths are requested.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent/global presence or modify other skills. The skill relies on per-use MATON_API_KEY for auth.
Assessment
This skill appears to be what it says: a thin instruction-set that calls Maton gateway endpoints and needs a MATON_API_KEY. Before installing, confirm you trust the Maton service (gateway.maton.ai / ctrl.maton.ai) because the API key grants it access to your Cognito Forms data via OAuth. Treat MATON_API_KEY as sensitive: use least-privilege / per-environment keys if available, rotate/revoke keys if needed, review Maton's privacy/security docs and OAuth connection scopes, and test with non-production data. Because the package has no homepage or verifiable upstream, you may want to verify the publisher (Maton) or consult your org's policy before using in production.

Like a lobster shell, security has layers — review code before you run it.

latestvk970m59nsv7f82qq5f7wrb37e980xxnn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments