Zoho Mail
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: zoho-mail Version: 1.0.6 The zoho-mail skill is a standard API integration that allows an AI agent to manage Zoho Mail accounts via a third-party proxy service (api.maton.ai). The SKILL.md file provides clear instructions and Python examples for common email operations like listing accounts, sending messages, and managing folders. It correctly identifies the need for a MATON_API_KEY and emphasizes user approval for write operations, showing no signs of malicious intent, obfuscation, or unauthorized data exfiltration.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent action using this key could access the connected Zoho Mail integration according to the granted permissions.
The skill requires a Maton API key that authorizes access to the user's connected Zoho Mail account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a Maton API key only in trusted environments, revoke it if exposed, and connect only the Zoho Mail account you intend the agent to use.
Your email requests and responses may pass through the Maton service, so privacy depends on trusting that provider's handling of mail data and tokens.
Email API traffic and OAuth-mediated access are routed through Maton's gateway rather than directly to Zoho.
Maton proxies requests to `mail.zoho.com` and automatically injects your OAuth token.
Review Maton's privacy and security posture before connecting sensitive mailboxes, and remove the connection when it is no longer needed.
If misused, the integration could send mail or change mailbox organization, but the artifact instructs the agent to confirm write actions first.
The skill exposes high-impact mailbox actions, including sending and management operations, while also documenting an approval requirement for writes.
Send, receive, search, and manage emails with full folder and label management. ... All write operations require explicit user approval.
Confirm the target account, message, folder, label, and intended effect before approving any send, create, update, or delete action.