Reducto
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent Reducto API integration, but it uses external document-processing services and API credentials, so users should be careful about what documents and accounts they connect.
Before installing, confirm you trust Maton and Reducto with the documents you plan to process, use the intended Reducto connection when multiple accounts exist, and require explicit confirmation for any edit, create, or delete operation.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the skill is allowing the agent to make Reducto-related API requests with the configured Maton credential.
The skill requires a bearer API key that authorizes calls through Maton, giving the agent delegated access to the connected Reducto integration.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a dedicated Maton key where possible, keep it secret, and verify the connected Reducto account before processing documents.
Document URLs, extracted data requests, and related metadata may pass through external services during processing.
The skill discloses a gateway/proxy flow where document-processing requests and credentials are handled through Maton and forwarded to Reducto.
Maton proxies requests to `platform.reducto.ai` and automatically injects your API key.
Do not send confidential documents unless you are comfortable with Maton and Reducto handling them under their service terms.
If used carelessly, the agent could modify documents or manage API connections in ways that affect the user's account or outputs.
The skill includes document and connection mutation capabilities, but it also states that create, update, and delete operations must be confirmed with the user.
Parse, extract, split, and edit PDFs/DOCX files. ... All write operations require explicit user approval.
Approve write, edit, create, or delete actions only after checking the target document, connection, and intended effect.