ClawHub

Zoho Projects

v1.0.0

Zoho Projects API integration with managed OAuth. Manage projects, tasks, milestones, tasklists, and team collaboration. Use this skill when users want to ma...

0· 349·0 current·0 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Zoho Projects with managed OAuth) matches what the SKILL.md instructs: calls to gateway.maton.ai and ctrl.maton.ai to proxy Zoho API calls and manage OAuth connections. The single required env var (MATON_API_KEY) is appropriate for a gateway-proxied integration.
Instruction Scope
Instructions are scoped to calling Maton endpoints (gateway.maton.ai and ctrl.maton.ai) and managing connections. They do not read arbitrary local files or unrelated environment variables. Important caveat: API requests and OAuth tokens are proxied through maton.ai — the skill will cause your Zoho project data and OAuth tokens to transit through that third-party service.
Install Mechanism
Instruction-only skill with no install spec and no code files; nothing is written to disk during install.
Credentials
Only one env var (MATON_API_KEY) is required, which is proportionate for a gateway-managed OAuth integration. Minor metadata inconsistency: the registry lists no primary credential even though MATON_API_KEY is required, but this is a bookkeeping issue rather than a functional mismatch.
Persistence & Privilege
always:false and no install actions or config writes; the skill does not request elevated persistence or modify other skills. Model invocation is allowed (platform default).
Assessment
This skill proxies Zoho API calls and OAuth via maton.ai and requires a MATON_API_KEY — installing it gives Maton the ability to access your Zoho connections on your behalf. Before installing: (1) confirm you trust maton.ai (review its privacy/security docs and OAuth scope handling), (2) use a dedicated least-privilege API key/account if possible, (3) verify OAuth scopes requested during connection flows, and (4) if you want to limit autonomous behavior, be aware the skill can be invoked by the agent (platform default) and restrict or review usage accordingly. Also note the small metadata inconsistency (no declared primary credential) but this does not affect functionality.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f9f2rfvkcy3xksdjvt7zt8s8218d8

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

EnvMATON_API_KEY

Comments