ClawHub

Google Merchant Center

v1.0.5

Google Merchant Center API integration with managed OAuth. Manage products, inventories, data sources, promotions, and reports for Google Shopping. Use this...

5· 5.3k·3 current·4 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the behavior in SKILL.md: the skill proxies Google Merchant API calls through Maton gateway endpoints and requires a Maton API key. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
SKILL.md contains concrete HTTP/python examples that only read MATON_API_KEY and call gateway.maton.ai / ctrl.maton.ai endpoints which proxy to merchantapi.googleapis.com. The instructions do not request other system files, credentials, or unexpected data exfiltration steps.
Install Mechanism
No install spec or code is included (instruction-only). Nothing is written to disk or downloaded by the skill itself, which reduces installation risk.
Credentials
Only MATON_API_KEY is required, which is proportionate if Maton is providing managed OAuth. However, that single credential grants the proxy service access to your Merchant data via OAuth — treat it as powerful and verify its scope, permissions, rotation policy, and trustworthiness before use.
Persistence & Privilege
Skill is not always-enabled and uses default autonomous invocation settings. It does not request persistent system modifications or other skills' credentials.
Scan Findings in Context
[no_scan_findings] expected: The static regex scanner had no code files to analyze. This is expected for an instruction-only skill; absence of findings is not proof of safety.
Assessment
This skill is coherent: it uses a Maton gateway to manage OAuth for Google Merchant Center and only asks for a MATON_API_KEY. Before installing, verify the maton.ai service (homepage, reputation, privacy policy), confirm what permissions the API key grants, and prefer scoped/rotatable credentials. Treat the MATON_API_KEY like a secret—do not paste it into untrusted places. If you prefer not to route Merchant data through a third party, use a direct Google API integration instead. Finally, monitor account activity and be prepared to revoke the API key if you see unexpected calls.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bbzcm3p23ap2m4h2zg7w3ad81mw5y

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments