Microsoft OneNote
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: one-note Version: 1.0.1 The skill provides a legitimate integration for Microsoft OneNote via the Maton API proxy (api.maton.ai). It includes standard OAuth connection management and CRUD operations for notebooks, sections, and pages using Python examples. The SKILL.md file includes explicit safety instructions requiring the agent to seek user approval for all write operations, and no evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone with the Maton API key or active connection could potentially access the connected OneNote resources through this integration.
The skill uses a Maton API key plus delegated Microsoft OAuth access to the user's OneNote account. This is expected for the integration, but it is sensitive account authority.
All requests require the Maton API key in the Authorization header... Maton proxies requests to Microsoft Graph (`graph.microsoft.com`) and automatically injects your OAuth token.
Only use this if you trust Maton, keep the MATON_API_KEY private, choose the intended connection when multiple accounts exist, and revoke/delete connections that are no longer needed.
Approved write operations could create, change, or delete OneNote content or connection records.
The skill can perform mutating OneNote actions, but it discloses that capability and instructs the agent to obtain user approval before writes.
Use this skill when users want to create or manage OneNote notebooks... **All write operations require explicit user approval.** Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Before approving writes, verify the target notebook, section, page, or connection ID and confirm the intended effect.
Notebook metadata or page content requested through the skill may transit Maton's API gateway.
The integration routes OneNote API requests through Maton's gateway before reaching Microsoft Graph. This is disclosed and purpose-aligned, but it means OneNote request and response data may pass through a third-party service.
Base URL... https://api.maton.ai/one-note/v1.0/me/onenote/{resource} ... Maton proxies requests to Microsoft Graph (`graph.microsoft.com`)Review Maton's privacy and security practices before using this with highly sensitive notebooks.