Motion
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Motion integration that uses Maton-managed OAuth and can read or modify Motion data, with write actions explicitly requiring user approval.
Before installing, make sure you trust Maton with managed OAuth access to your Motion account. Keep the MATON_API_KEY private, choose the correct Motion connection if you have more than one, and only approve write actions after confirming the exact task, project, workspace, or comment that will be changed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may be able to change or delete Motion tasks, projects, comments, or scheduling data when the user asks it to.
The skill exposes create, read, update, and delete capabilities for Motion resources; this is expected for a Motion management skill but can affect user data if used incorrectly.
Manage tasks, projects, workspaces, comments, and recurring tasks with full CRUD operations.
Review requested changes before approval, especially deletes, bulk edits, workspace-level changes, or actions affecting other assignees.
Anyone with the API key may be able to access the connected Motion integration according to the key’s permissions.
The skill requires a sensitive Maton API key that delegates access to the user’s connected Motion account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the MATON_API_KEY securely, do not paste it into chats or logs, rotate it if exposed, and use the intended Motion connection when multiple accounts are linked.
Motion task, project, workspace, and scheduling data may pass through Maton as part of normal operation.
Motion API requests and responses flow through the Maton gateway, which is disclosed and purpose-aligned but means task and account data transit a third-party service.
Maton proxies requests to `api.usemotion.com` and automatically injects your OAuth token.
Use this skill only if you trust Maton to handle Motion OAuth and API data, and disconnect unused OAuth connections when no longer needed.