ClawHub

Firebase

v1.0.0

Manage Firebase projects and apps (web, Android, iOS) with OAuth-authenticated CRUD operations, including listing, creating, updating, and deleting.

0· 1.2k·6 current·6 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The SKILL.md describes a Firebase Management API integration that uses a Maton gateway and requires a MATON_API_KEY. The required env var and the network endpoints (gateway.maton.ai, ctrl.maton.ai) are consistent with that purpose. Minor metadata mismatch: registry metadata lists no primary credential while the skill clearly depends on MATON_API_KEY.
Instruction Scope
All runtime instructions operate against Maton endpoints (gateway.maton.ai and ctrl.maton.ai) and instruct use of the MATON_API_KEY. The instructions do not read other local files, other environment variables, or system paths. They do direct the user to open an OAuth URL in a browser to complete authentication (expected for OAuth flows).
Install Mechanism
This is an instruction-only skill with no install spec and no code files to execute on disk. That is the lowest-risk install pattern.
Credentials
The skill only requires a single environment variable, MATON_API_KEY, which matches the described managed-OAuth gateway usage. However, registry metadata omits a declared primary credential (minor inconsistency). Also note that providing MATON_API_KEY gives the Maton service the ability to act on your Firebase projects (tokens and operations are proxied through their gateway), so the credential is sensitive and access should be limited/trusted.
Persistence & Privilege
The skill is not marked always:true and does not request persistent config or modify other skills. Autonomous invocation is allowed (platform default) but is not combined with other privilege escalations here.
Assessment
This skill appears to do what it says: it proxies Firebase Management API calls through Maton's gateway and requires a MATON_API_KEY. Before installing, confirm you trust maton.ai (the gateway will see and act on your Firebase resources). Consider these actions: (1) verify Maton's website and privacy/security docs and confirm the service is legitimate, (2) use a least-privilege API key or scoped credential if Maton supports it, (3) monitor and audit connections shown at ctrl.maton.ai and revoke any you don't recognize, and (4) if provenance matters, ask the publisher to supply a homepage/source repo and update the skill metadata so the primary credential is explicitly declared. I have medium confidence because the skill is internally consistent but the registry/source provenance is limited.

Like a lobster shell, security has layers — review code before you run it.

latestvk974m6r2zpdgmzggy0jbzfqk15814vmz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments