Fireflies.ai
ReviewAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Fireflies.ai API skill, but it uses a Maton API key and OAuth connection to access sensitive meeting data, so users should verify the account and data scope before installing.
Install only if you trust Maton with access to your Fireflies meeting data. Use the correct Fireflies connection, protect the MATON_API_KEY, review any GraphQL mutation before approving it, and revoke the OAuth connection when no longer needed.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill is granting access to Fireflies account data available through the connected OAuth account, including potentially sensitive meeting information.
The skill requires a Maton API key and uses managed OAuth to access the connected Fireflies account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use the intended Fireflies account only, protect the Maton API key, prefer least-privilege OAuth access where available, and revoke the Maton connection when it is no longer needed.
If a user approves the wrong mutation, the skill could change or delete Fireflies or Maton connection resources.
The skill exposes GraphQL operations that may include mutations, but it explicitly requires user confirmation for create, update, or delete actions.
All write operations require explicit user approval. Before executing any create, update, or delete mutation, confirm the target resource and intended effect with the user.
Review GraphQL mutations carefully before approval, confirm the exact target resource, and avoid approving broad or unclear changes.
Meeting transcripts, summaries, user information, and related API responses may be visible to or processed by the Maton proxy according to its service terms and controls.
The Fireflies API calls are routed through Maton, so request and response data for meeting content pass through a third-party gateway.
Maton proxies requests to `api.fireflies.ai/graphql` and automatically injects your OAuth token.
Review Maton’s privacy and security practices before connecting sensitive Fireflies workspaces, and ensure the selected connection is the intended account.
Users have less registry-level information to verify who maintains the skill, even though the skill content identifies Maton endpoints and setup steps.
The registry metadata does not provide a source repository or homepage, which limits provenance verification for a credential-handling integration.
Source: unknown; Homepage: none
Confirm that the skill publisher and Maton service are trusted before providing an API key or completing OAuth authorization.