Zoho Bigin
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed Zoho Bigin CRM integration, but it uses a Maton API key/OAuth connection and can read or change CRM records, so users should confirm account and write actions carefully.
Before installing, make sure you trust Maton with access to your Zoho Bigin data, store MATON_API_KEY securely, and require clear confirmation before any create, update, delete, or connection-management action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could create, update, or delete important CRM data.
The skill can perform mutating CRM actions, including deletes, which is expected for the stated CRM-management purpose but can affect business records.
Use this skill when users want to read, create, update, or delete CRM records
Approve write/delete actions only after confirming the exact record, account connection, and intended effect.
Anyone or any agent action with this key may be able to access the connected Bigin CRM account according to the granted connection permissions.
The Maton API key is the credential used to access the connected Zoho Bigin account through the managed OAuth service.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Keep MATON_API_KEY private, use the intended Maton connection, and revoke or rotate the key if it is exposed.
CRM data and operations pass through a third-party gateway rather than going directly from the agent to Zoho.
CRM requests and responses are routed through the Maton gateway, so the user must trust that provider with the OAuth-mediated data flow.
Maton proxies requests to `www.zohoapis.com/bigin/v2` and automatically injects your OAuth token.
Review Maton's security and privacy posture before connecting sensitive CRM data, and avoid sending unnecessary fields.