ClawHub

Google Contacts

v1.0.3

Google Contacts API integration with managed OAuth. Manage contacts, contact groups, and search your address book. Use this skill when users want to create, read, update, or delete contacts, manage contact groups, or search for people in their Google account. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

5· 5.4k·2 current·3 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Google Contacts via managed OAuth) match the actual instructions: calls to gateway.maton.ai and ctrl.maton.ai to access Google People API and manage OAuth connections. No unrelated services, binaries, or config paths are requested.
Instruction Scope
SKILL.md explicitly instructs the agent to call Maton endpoints (gateway.maton.ai, ctrl.maton.ai) and to open the returned connect.maton.ai URL for OAuth. It does not instruct reading local files, unrelated env vars, or contacting unexpected endpoints beyond Maton and the proxied Google API.
Install Mechanism
No install spec and no code files — instruction-only — so nothing is written to disk or installed. This minimizes install-time risk.
Credentials
Only MATON_API_KEY is required, which is proportionate because the gateway uses it as a bearer token to authenticate requests. However, that key effectively grants Maton access to your Google contacts (through the managed OAuth flow), so the trust boundary is the Maton service; the skill asks for no other secrets.
Persistence & Privilege
always:false and default autonomous invocation settings are used. The skill does not request persistent system presence, nor modify other skills or system configs.
Assessment
This skill delegates all Google Contacts traffic and OAuth handling to Maton (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai). MATON_API_KEY is a bearer-style key that authorizes those requests — treat it like a credential: only obtain it from Maton’s official dashboard, store it securely, and revoke it if compromised. The skill is instruction-only (no local install), which reduces code risk, but the published package lacks a homepage and the source is 'unknown' — verify the publisher/owner identity and Maton’s privacy/security policies before installing, especially for business or sensitive accounts. If you prefer tighter control, use an officially supported Google integration or a gateway you run yourself. Finally, remove any OAuth connections you no longer need and limit key exposure (avoid pasting into public/shared environments).

Like a lobster shell, security has layers — review code before you run it.

latestvk97a23drvtchj8rdgx1mgd1ar180x74m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments