ClawHub

Motion

v1.0.0

Manage tasks, projects, workspaces, and scheduling in Motion with full CRUD operations via OAuth-secured API integration.

0· 696·1 current·1 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description (Motion task/project management) match the instructions which call Motion endpoints via a Maton gateway. The single required env var (MATON_API_KEY) aligns with the documented gateway-based authentication. The use of a Maton proxy is a design choice but is consistent with the described purpose.
Instruction Scope
SKILL.md only instructs making HTTP calls to maton.ai gateway endpoints and ctrl.maton.ai for connection management using the MATON_API_KEY. It does not read other files or environment variables. Important note: invoking the skill will transmit MATON_API_KEY to maton.ai domains (the gateway/proxy) — this is expected but worth highlighting as an external trust boundary.
Install Mechanism
Instruction-only skill with no install steps and no code files to run locally. Low installation risk: nothing is downloaded or written by an installer.
Credentials
Only one env var (MATON_API_KEY) is required, which is proportionate for an API integration. Minor discrepancy: registry metadata lists no primary credential even though MATON_API_KEY is the main secret — likely an omission but not a security problem by itself. Users should assume the key grants access via Maton to their Motion account and act accordingly.
Persistence & Privilege
The skill does not request always:true and is user-invocable; it does not attempt to modify other skills or system-wide settings. Normal autonomous invocation is allowed (platform default).
Assessment
This skill proxies Motion API calls through maton.ai. Before installing: (1) Confirm maton.ai, gateway.maton.ai, ctrl.maton.ai, and connect.maton.ai are trustworthy and legitimate for your org; the skill will send your MATON_API_KEY to those domains. (2) Use a least-privilege API key (create a scoped or test key if possible) and store it securely; rotate it if you suspect misuse. (3) When completing OAuth flows, verify the browser URL and session_token host are correct and expected. (4) If you prefer direct integrations, consider using Motion's official API (api.usemotion.com) rather than a third-party proxy. (5) Note the registry metadata didn't mark a primary credential — treat MATON_API_KEY as the primary secret and only grant it if you accept Maton acting as an intermediary.

Like a lobster shell, security has layers — review code before you run it.

latestvk972rnxy2bwwbgn3q6ahqhaybx815asr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments