Zoho Projects
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a disclosed Zoho Projects API helper that uses Maton-managed OAuth to read and, with approval, change project data.
This skill is reasonable for managing Zoho Projects if you trust Maton as the OAuth proxy. Set MATON_API_KEY securely, connect only the intended Zoho account, use the Maton-Connection header when multiple accounts exist, and carefully confirm any create, update, or delete operation before allowing it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If installed and configured, the agent can access Zoho Projects data for the connected account and use the account authority exposed through Maton.
The skill requires a Maton API key to act through a managed OAuth connection, which grants delegated access to the user's connected Zoho Projects account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Use a Maton key and Zoho connection only for the intended account, avoid sharing the key or connection URL, and revoke the connection if you stop using the skill.
Approved write actions could create, modify, or delete project-management records in Zoho Projects.
The skill supports mutating Zoho Projects resources, but it explicitly requires approval before create, update, or delete operations.
All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Before approving any write or delete action, verify the target portal, project, task, or connection and the exact intended change.
Zoho Projects data may pass through Maton's proxy as part of normal operation.
Requests and responses for Zoho Projects flow through Maton's API gateway, so project data and delegated authorization depend on that third-party service.
Maton proxies requests to `projectsapi.zoho.com` and automatically injects your OAuth token.
Install only if you trust Maton to handle the connected Zoho Projects data and OAuth flow, and review Maton's account and connection settings.