ClawHub

Zoho CRM

v1.0.4

Zoho CRM API integration with managed OAuth. Manage leads, contacts, accounts, deals, and other CRM records. Use this skill when users want to read, create,...

6· 12.4k·9 current·11 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (Zoho CRM integration with managed OAuth) aligns with the single required environment variable (MATON_API_KEY) and the SKILL.md, which documents using a Maton gateway and Maton control endpoint to manage OAuth connections. The requested artifact (a Maton API key) is coherent with a proxy/gateway integration.
Instruction Scope
Instructions exclusively show HTTP requests to gateway.maton.ai and ctrl.maton.ai and use only MATON_API_KEY; they do not ask to read local files or other env vars. Note: requests are intentionally proxied through Maton rather than to Zoho's api endpoints directly — this is expected for a managed-gateway approach but means CRM data and OAuth flows go through a third party.
Install Mechanism
No install spec and no code files (instruction-only). No downloads or local binaries are required, so there is no install-time risk from archives or third-party packages.
Credentials
Only one env var (MATON_API_KEY) is required, which is proportionate to the described gateway usage. However, this is a Maton API key (not a Zoho key), so granting it gives the Maton service the ability to act on your behalf and see proxied CRM traffic — users should ensure they trust Maton and understand its data handling.
Persistence & Privilege
The skill does not request always:true or other elevated persistent privileges. It is user-invocable and allows autonomous invocation by default (platform normal), but it does not ask to modify other skills or system settings.
Scan Findings in Context
[no_regex_findings] expected: The static scanner found no matches because this is an instruction-only skill with no code files. That absence of findings is expected and not evidence of safety; the runtime behavior will be network calls to Maton endpoints as described in SKILL.md.
Assessment
This skill appears to do what it says: it proxies Zoho CRM operations through Maton and requires a Maton API key. Before installing, verify you trust the Maton service (maton.ai) because your OAuth tokens and CRM data will transit and be managed by their gateway (gateway.maton.ai and ctrl.maton.ai). Check Maton's privacy/security policy, audit who controls the Maton account, and consider rotating the MATON_API_KEY if you later revoke access. If you prefer not to route CRM data via a third party, use a skill that connects directly to Zoho or use your own proxy. Finally, avoid reusing the same MATON_API_KEY in other untrusted contexts and confirm any produced OAuth authorization URLs come from the expected Maton endpoints.

Like a lobster shell, security has layers — review code before you run it.

latestvk972ec7wn028w2988zqf8c72v181a7p5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments