Zoho Mail
PassAudited by ClawScan on May 1, 2026.
Overview
This is a clearly disclosed Zoho Mail integration, but it handles sensitive email access through Maton-managed OAuth and should be installed only if you trust that gateway.
Install this only if you trust Maton to proxy Zoho Mail access and you are comfortable letting the agent read and manage the connected mailbox. Be especially careful before approving send, update, or delete actions.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent action using this key could access the connected Zoho Mail integration according to the granted permissions.
The skill requires a Maton API key that authorizes access to the user's connected Zoho Mail account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a Maton API key only in trusted environments, revoke it if exposed, and connect only the Zoho Mail account you intend the agent to use.
Your email requests and responses may pass through the Maton service, so privacy depends on trusting that provider's handling of mail data and tokens.
Email API traffic and OAuth-mediated access are routed through Maton's gateway rather than directly to Zoho.
Maton proxies requests to `mail.zoho.com` and automatically injects your OAuth token.
Review Maton's privacy and security posture before connecting sensitive mailboxes, and remove the connection when it is no longer needed.
If misused, the integration could send mail or change mailbox organization, but the artifact instructs the agent to confirm write actions first.
The skill exposes high-impact mailbox actions, including sending and management operations, while also documenting an approval requirement for writes.
Send, receive, search, and manage emails with full folder and label management. ... All write operations require explicit user approval.
Confirm the target account, message, folder, label, and intended effect before approving any send, create, update, or delete action.