Vimeo
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed Vimeo integration that needs a Maton API key/OAuth and can change Vimeo content when the user approves write actions.
Use this skill only if you trust Maton to broker your Vimeo OAuth access. Keep MATON_API_KEY private, verify which Vimeo connection is being used, and carefully approve any action that uploads, edits, deletes, or publicly interacts with Vimeo content.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent flow with the Maton API key can make Vimeo API requests through the connected OAuth account within the granted permissions.
The skill relies on Maton-managed OAuth and a Maton API key to act on the connected Vimeo account. This is disclosed and purpose-aligned, but it is still sensitive account authority.
Maton proxies requests to `api.vimeo.com` and automatically injects your OAuth token.
Protect the MATON_API_KEY, use the intended Vimeo connection, and revoke unused Maton/Vimeo connections.
If the user approves the wrong action, videos, folders, showcases, likes, or other Vimeo account data could be changed.
The skill documents actions that can modify Vimeo account content and public-facing activity. The same artifact mitigates this by stating that write operations require explicit user approval.
Upload and manage videos, create showcases and folders, manage likes and watch later, and interact with the Vimeo community.
Before approving any write or delete operation, confirm the exact account, resource, and intended effect; use the Maton-Connection header when multiple accounts exist.