Podio
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Podio integration, but it uses a Maton API key/OAuth connection and can change or delete Podio workspace data with user approval.
Before installing, make sure you intend to connect Podio through Maton. Keep your MATON_API_KEY and OAuth authorization links private, select the correct connection when multiple accounts exist, and only approve writes or deletions after checking the target and impact.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent can make real changes to Podio workspaces and items, including deletions.
The skill exposes create, update, and delete operations for Podio data, but it also instructs the agent to get explicit approval before writes.
Use this skill when users want to read, create, update, or delete Podio items... **All write operations require explicit user approval.**
Approve write or delete actions only after verifying the exact Podio resource, account, and intended effect.
Anyone with the API key or an authorized connection could potentially act through the connected Podio account within the granted permissions.
The Maton API key is required to access the gateway that uses the connected Podio OAuth authorization.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Keep MATON_API_KEY private, use the intended Podio connection, and revoke connections that are no longer needed.
Podio requests and responses may pass through Maton as part of the managed OAuth proxy.
Podio API requests flow through the Maton gateway rather than going directly to Podio, so Podio data and actions cross that service boundary.
Maton proxies requests to `api.podio.com` and automatically injects your OAuth token.
Use this skill only if you trust the Maton service with the connected Podio account and its data.