Pipedrive
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can change or delete Pipedrive CRM records such as deals, contacts, organizations, activities, and pipelines.
The skill can perform create, update, and delete operations against CRM resources. The risk is purpose-aligned and mitigated by an explicit approval requirement.
All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Only approve write or delete actions after checking the exact resource, account connection, and intended change.
Anyone or any agent action using this key may access the connected Pipedrive account within the granted permissions.
The skill requires a sensitive API key that delegates access to Maton-managed Pipedrive OAuth connections.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the Maton API key securely, avoid sharing it in prompts or logs, and revoke or rotate it if it may have been exposed.
Pipedrive request and response data may be processed by the Maton service while using this skill.
The integration routes Pipedrive API traffic and OAuth-backed access through the Maton gateway. This data flow is disclosed and central to the skill, but it means CRM data passes through a third-party service.
Maton proxies requests to `api.pipedrive.com` and automatically injects your OAuth token.
Use this skill only if you trust Maton to handle your Pipedrive data and OAuth connection appropriately.