Zoho CRM
PassAudited by ClawScan on May 1, 2026.
Overview
The artifacts show a coherent Zoho CRM integration, but it uses a Maton OAuth/API-key proxy that can read and modify CRM data, so users should grant access deliberately.
Before installing, confirm that you trust Maton with Zoho CRM access, connect only the intended CRM account, protect the MATON_API_KEY, and require careful review for any write, delete, bulk, or user-management action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Approved write, delete, bulk, or user-management requests could alter important CRM data.
The skill exposes broad CRM API operations, including bulk and user-management capabilities. This is aligned with the stated purpose, but mistakes could materially change business records.
Manage leads, contacts, accounts, deals, and other CRM modules with full CRUD operations including search and bulk operations. Also supports organization details, user management...
Carefully review the exact target records and intended effect before approving any create, update, delete, bulk, or user-management operation.
Anyone or any agent session with the Maton API key may be able to act through the connected Zoho CRM account within the granted permissions.
A Maton API key plus a connected OAuth authorization delegates access to the user's Zoho CRM account.
All requests require the Maton API key in the Authorization header... Maton proxies requests to `www.zohoapis.com/crm/v8` and automatically injects your OAuth token.
Use a dedicated, least-privilege Zoho/Maton connection where possible, keep MATON_API_KEY private, and revoke unused connections.
CRM data and requests are processed through a third-party proxy service as part of normal use.
CRM API traffic and OAuth handling pass through the Maton gateway rather than going directly from the user to Zoho.
Maton proxies requests to `www.zohoapis.com/crm/v8` and automatically injects your OAuth token.
Install only if you trust Maton to handle CRM API traffic and OAuth delegation; review the provider's privacy and security practices.