Microsoft OneDrive

Pass. Audited by ClawScan on May 7, 2026.

Overview

This appears to be a disclosed OneDrive integration, but it can access and change files through a Maton OAuth proxy, so users should approve write and sharing actions carefully.

Before installing, confirm you trust Maton and the Maton CLI, authorize only the intended Microsoft account, specify the right connection if you have multiple accounts, and carefully review any upload, delete, edit, or sharing request before approving it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An approved action could modify, delete, upload, download, or share files in the connected OneDrive account.

Why it was flagged

The skill can create, read, update, delete, and share OneDrive resources. This is expected for the stated purpose, but it can materially affect user files.

Skill content

Manage files, folders, drives, and sharing with full CRUD operations.

Recommendation

Confirm the exact file, folder, drive, and intended effect before approving any write, delete, or sharing operation.

What this means

Whoever can use the configured credential may be able to act on the connected OneDrive account within the granted permissions.

Why it was flagged

The skill requires an API key and account authorization to act against a user's OneDrive through Maton/Microsoft Graph.

Skill content

Requires network access and valid Maton API key.

Recommendation

Use a trusted Maton account, verify the Microsoft account and OAuth scopes during authorization, and revoke or delete the connection when it is no longer needed.

What this means

OneDrive metadata, file operations, and possibly file contents may pass through Maton's service depending on the requested operation.

Why it was flagged

Requests to OneDrive are routed through Maton's API gateway, which handles OAuth token injection. This data flow is disclosed and central to the skill, but it means a third-party proxy participates in access to OneDrive data.

Skill content

Maton proxies requests to `graph.microsoft.com` and automatically injects your OAuth token.

Recommendation

Install only if you trust Maton to handle OneDrive requests and OAuth securely; avoid sending especially sensitive files unless that trust is acceptable.

What this means

Using the CLI requires trusting an external package manager install that was not reviewed here.

Why it was flagged

The skill's CLI workflow depends on installing an external global CLI package. That is coherent with the Maton integration, but the package contents are not included in the supplied artifacts.

Skill content

npm install -g @maton-ai/cli ... brew install maton-ai/cli/maton

Recommendation

Install the CLI only from Maton's official distribution channels and keep it updated; use the documented HTTP API path if you do not want a global CLI install.