Netlify
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Netlify integration, but it uses a Maton API key and delegated OAuth access that can reach sensitive Netlify administration features.
Install this only if you trust Maton and need Netlify account access through this skill. Keep MATON_API_KEY private, connect only the intended Netlify account, review OAuth scopes, and require the agent to show exact resource IDs and consequences before approving any DNS, environment variable, site, deploy, or build changes.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Someone with the Maton API key or access to the configured connection could view or operate on connected Netlify resources according to the authorized scopes.
The Maton API key authorizes a gateway that uses delegated Netlify OAuth access. This is expected for the skill, but it gives access to the connected Netlify account within the granted scopes.
All requests require the Maton API key in the Authorization header ... The gateway proxies requests to `api.netlify.com` and automatically injects your OAuth token.
Protect MATON_API_KEY, review Netlify OAuth scopes before authorizing, use least-privilege or dedicated connections where possible, and specify the intended Maton connection when multiple accounts exist.
If approved, these operations could break production sites, alter DNS behavior, change secrets or configuration, or trigger live builds.
The skill can perform high-impact Netlify administration, but the artifact explicitly requires confirmation and consequence summaries before such operations.
Deleting sites, modifying DNS zones/records, changing environment variables, and triggering production builds can affect live websites. These actions must include a summary of consequences and require confirmation.
Before approving write actions, verify the account, site ID, DNS zone, environment variable key, and stated consequences. Prefer read-only checks and reversible actions when possible.
Netlify metadata, DNS details, build/deploy data, and environment variable information may be exposed to the gateway provider as part of normal operation.
Netlify requests and responses are routed through the Maton gateway rather than directly to Netlify. This is disclosed and central to the skill, but it means sensitive Netlify data may pass through a third-party service.
Base URL: `https://api.maton.ai/netlify/{native-api-path}` ... Access the Netlify API with managed OAuth authentication. View sites, deploys, builds, DNS zones, environment variables, and webhooks.
Use this only if you trust the Maton gateway with the connected Netlify account data, and avoid retrieving or sharing sensitive environment variables unless needed.
