Google Contacts

Review

Audited by ClawScan on May 1, 2026.

Overview

This is a disclosed Google Contacts integration through Maton that needs OAuth/API-key access and can change contacts, but the provided artifacts scope it to address-book tasks and require approval for writes.

Before installing, make sure you trust Maton with access to your Google Contacts, keep the MATON_API_KEY private, use the correct connection if you have multiple Google accounts, and require the agent to ask before creating, updating, or deleting contacts.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent with the API key and connection could access the connected Google Contacts data within the granted scope.

Why it was flagged

This shows the skill uses a Maton API key and delegated Google OAuth access. That is expected for Google Contacts, but it gives the integration access to the connected address book.

Skill content

All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY` ... Maton proxies requests to `people.googleapis.com` and automatically injects your OAuth token.

Recommendation

Use a trusted Maton account, protect the MATON_API_KEY, and revoke the OAuth connection when it is no longer needed.

What this means

If used incorrectly, the agent could add, modify, or delete address-book entries.

Why it was flagged

The skill documents mutation authority over contacts, including create/update/delete operations. The approval instruction makes this purpose-aligned, but users should notice the impact.

Skill content

Use this skill when users want to create, read, update, or delete contacts... **All write operations require explicit user approval.**

Recommendation

Only approve contact changes after reviewing the target contact, fields, and intended effect.

What this means

Your contact data and API requests may be processed by Maton as part of the integration.

Why it was flagged

The artifact discloses that Google Contacts API traffic goes through Maton's gateway. This is central to the managed OAuth design, but it means contact data and requests pass through a third-party service.

Skill content

Base URL: `https://api.maton.ai/google-contacts/{native-api-path}` ... Maton proxies requests to `people.googleapis.com`

Recommendation

Review Maton's trust, privacy, and account settings before connecting a Google account.