ClawHub

Microsoft Teams

v1.0.0

Microsoft Teams API integration with managed OAuth. Manage teams, channels, messages, and meetings via Microsoft Graph API. Use this skill when users want to...

1· 1k·4 current·4 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Microsoft Teams via managed OAuth) match the instructions: all runtime calls go to a Maton gateway that proxies to Microsoft Graph. Requesting a single API key for a gateway service is coherent with the stated purpose.
Instruction Scope
SKILL.md explicitly instructs the agent to call https://gateway.maton.ai and https://ctrl.maton.ai and to use MATON_API_KEY in Authorization headers. All operations (list teams, create channels, messages, meetings, recordings) are proxied through Maton, which will see request/response payloads and hold OAuth connections. There is no instruction to access unrelated files, env vars, or local system state.
Install Mechanism
No install spec and no code files — instruction-only. This minimizes on-disk persistence and execution of third-party code by the skill itself.
Credentials
Only MATON_API_KEY is required, which is proportionate to a gateway-based integration. However, that single secret effectively grants the gateway access to your Teams connections and proxied Graph calls, so it is high-value and should be trusted/managed accordingly.
Persistence & Privilege
always is false and model invocation is not disabled (defaults). The skill does not request permanent system-wide privileges or modify other skills. Autonomous invocation is normal and not by itself a concern.
Assessment
This skill is internally consistent for a Teams integration that uses a third‑party gateway (maton.ai). Before installing: (1) confirm you trust maton.ai — they will see all proxied Graph API requests and hold OAuth tokens for your accounts; (2) verify the MATON_API_KEY scope/permissions and treat it like a high-value secret (store safely, rotate if compromised); (3) review Maton’s privacy/security docs and consider using org-level admin consent or least-privilege scopes for connections; (4) avoid sending highly sensitive data through a third-party proxy unless you’ve vetted them; (5) if you prefer not to trust an intermediary, consider a skill that calls Microsoft Graph directly with your own Azure AD app credentials. If you want higher confidence about provenance, ask the publisher for source code or an official homepage and verify the registry owner.

Like a lobster shell, security has layers — review code before you run it.

latestvk97d6g6nkac9r7kpam1091wzcx81f0b9

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments