Vimeo
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: vimeo Version: 1.0.4 The vimeo skill provides a standard integration for the Vimeo API via a managed OAuth proxy service (api.maton.ai). The SKILL.md file contains benign Python snippets using urllib to perform common video management tasks and explicitly instructs the agent to seek user approval for write operations. No evidence of data exfiltration, malicious execution, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent flow with the Maton API key can make Vimeo API requests through the connected OAuth account within the granted permissions.
The skill relies on Maton-managed OAuth and a Maton API key to act on the connected Vimeo account. This is disclosed and purpose-aligned, but it is still sensitive account authority.
Maton proxies requests to `api.vimeo.com` and automatically injects your OAuth token.
Protect the MATON_API_KEY, use the intended Vimeo connection, and revoke unused Maton/Vimeo connections.
If the user approves the wrong action, videos, folders, showcases, likes, or other Vimeo account data could be changed.
The skill documents actions that can modify Vimeo account content and public-facing activity. The same artifact mitigates this by stating that write operations require explicit user approval.
Upload and manage videos, create showcases and folders, manage likes and watch later, and interact with the Vimeo community.
Before approving any write or delete operation, confirm the exact account, resource, and intended effect; use the Maton-Connection header when multiple accounts exist.