Granola

Review

Audited by ClawScan on May 1, 2026.

Overview

This skill is a coherent Granola meeting-search integration, but it handles sensitive meeting content through a third-party Maton API key and OAuth connection.

This appears purpose-aligned for searching Granola meetings. Before installing, confirm you are comfortable giving Maton-mediated access to your Granola meeting notes and transcripts, and use it only for meetings whose contents you are willing to process through that integration.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill is giving it delegated access to Granola meeting information through Maton.

Why it was flagged

The skill requires a Maton API key and a connected Granola account, which is expected for this integration but grants access to private account data.

Skill content

All requests require the Maton API key: Authorization: Bearer $MATON_API_KEY

Recommendation

Install only if you trust Maton with this access, use the intended Granola connection, and revoke the connection when no longer needed.

What this means

Meeting content, queries, and authorization flows may be processed by both Maton and Granola infrastructure.

Why it was flagged

The artifact clearly discloses that requests are routed through Maton to Granola MCP, so sensitive meeting queries and results may transit that gateway.

Skill content

Maton proxies requests to `mcp.granola.ai` and automatically injects your credentials.

Recommendation

Review Maton and Granola privacy/security terms before using it for confidential meetings, and avoid querying content you do not want routed through the service.

What this means

Private transcript content may influence the agent’s responses and could include sensitive or misleading text from meetings.

Why it was flagged

Raw meeting transcript text can be brought into the agent’s context. This is purpose-aligned, but transcript contents should be treated as user data rather than instructions to follow.

Skill content

Returns only the verbatim transcript content, not summaries or notes.

Recommendation

Ask for transcripts only when needed, verify important outputs, and do not treat retrieved meeting text as authoritative instructions.