Vimeo

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent flow with the Maton API key can make Vimeo API requests through the connected OAuth account within the granted permissions.

Why it was flagged

The skill relies on Maton-managed OAuth and a Maton API key to act on the connected Vimeo account. This is disclosed and purpose-aligned, but it is still sensitive account authority.

Skill content

Maton proxies requests to `api.vimeo.com` and automatically injects your OAuth token.

Recommendation

Protect the MATON_API_KEY, use the intended Vimeo connection, and revoke unused Maton/Vimeo connections.

What this means

If the user approves the wrong action, videos, folders, showcases, likes, or other Vimeo account data could be changed.

Why it was flagged

The skill documents actions that can modify Vimeo account content and public-facing activity. The same artifact mitigates this by stating that write operations require explicit user approval.

Skill content

Upload and manage videos, create showcases and folders, manage likes and watch later, and interact with the Vimeo community.

Recommendation

Before approving any write or delete operation, confirm the exact account, resource, and intended effect; use the Maton-Connection header when multiple accounts exist.