Pipedrive
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: pipedrive-api Version: 1.0.4 The skill provides a standard integration for the Pipedrive CRM via the Maton API gateway (api.maton.ai). It uses managed OAuth and requires a MATON_API_KEY environment variable. The documentation in SKILL.md provides clear instructions and Python examples for managing CRM resources like deals and contacts, and it explicitly instructs the agent to obtain user approval for write operations. No malicious indicators such as unauthorized data exfiltration, obfuscation, or prompt injection were found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can change or delete Pipedrive CRM records such as deals, contacts, organizations, activities, and pipelines.
The skill can perform create, update, and delete operations against CRM resources. The risk is purpose-aligned and mitigated by an explicit approval requirement.
All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Only approve write or delete actions after checking the exact resource, account connection, and intended change.
Anyone or any agent action using this key may access the connected Pipedrive account within the granted permissions.
The skill requires a sensitive API key that delegates access to Maton-managed Pipedrive OAuth connections.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the Maton API key securely, avoid sharing it in prompts or logs, and revoke or rotate it if it may have been exposed.
Pipedrive request and response data may be processed by the Maton service while using this skill.
The integration routes Pipedrive API traffic and OAuth-backed access through the Maton gateway. This data flow is disclosed and central to the skill, but it means CRM data passes through a third-party service.
Maton proxies requests to `api.pipedrive.com` and automatically injects your OAuth token.
Use this skill only if you trust Maton to handle your Pipedrive data and OAuth connection appropriately.