Salesforce
Pass
Audited by ClawScan on May 7, 2026.
Overview
This appears to be a disclosed Salesforce integration, but it can use OAuth credentials to read or change CRM data through Maton, so install only with tightly scoped permissions.
Install this only if you need Salesforce administration from an agent. Use the narrowest Salesforce permissions, start in a sandbox, specify the intended connection ID, approve every write/delete operation explicitly, and revoke any Maton/Salesforce connections you no longer use.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used with broad permissions or without careful approval, the agent could change important customer or business records in Salesforce.
The skill is explicitly designed to perform Salesforce CRUD operations, including mutations of CRM records. This is aligned with Salesforce administration, but it is high-impact business-data authority.
Query records using SOQL, manage sObjects, and perform CRUD operations on your Salesforce data... This integration can mutate CRM records — approve only specific write actions
Use a sandbox for testing, grant the narrowest Salesforce OAuth permissions possible, and require explicit approval for each write/delete action with the exact object and record IDs.
Anyone or any agent process with the Maton API key and an active Salesforce connection may be able to access or modify Salesforce data according to the granted OAuth scope.
The skill requires a Maton API key and uses managed Salesforce OAuth access. That credential use is expected for the integration, but it gives access to the user's connected Salesforce org.
compatibility: Requires network access and valid Maton API key... req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
Treat MATON_API_KEY as a secret, avoid sharing it in prompts or logs, restrict OAuth scopes, and revoke unused Maton/Salesforce connections promptly.
Sensitive CRM data may transit through Maton's API gateway as part of normal use.
Salesforce API traffic is routed through Maton's gateway, which is disclosed and central to the design, but it means Salesforce request and response data pass through a third-party service.
Base URL https://api.maton.ai/salesforce/{endpoint-path} ... The gateway proxies requests to `{instance}.salesforce.com` ... and injects your access token.
Install only if you trust Maton with Salesforce API traffic, and check Maton's privacy/security practices before connecting production CRM data.
Installing a global CLI grants that package local execution capability on the user's machine.
The instruction-only skill tells users to install an external CLI globally. This is a normal setup path for the integration, but the CLI package contents are not included in the provided artifact set.
npm install -g @maton-ai/cli ... brew install maton-ai/cli/maton
Verify the Maton CLI publisher/source before installation and prefer pinned or trusted installation channels where possible.
