Zoho Recruit
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using the configured Maton API key can potentially access the connected Zoho Recruit data allowed by the OAuth connection.
The skill relies on delegated OAuth access to a Zoho Recruit account through Maton. This is purpose-aligned and disclosed, but it is sensitive account authority.
Maton proxies requests to `recruit.zoho.com` and automatically injects your OAuth token.
Use a Maton API key tied only to the intended Zoho Recruit account, protect the key, and revoke unused connections when no longer needed.
Approved write operations could change or remove candidate, job, interview, or application records in Zoho Recruit.
The skill can create, update, and delete recruiting records. This matches the stated purpose, but mistakes could affect business data.
Manage candidates, job openings, interviews, applications, and recruitment workflows with full CRUD operations.
Approve write actions only after reviewing the target resource, account connection, and intended effect.
Candidate and recruiting information requested through the skill may pass through Maton before reaching Zoho Recruit.
Zoho Recruit API traffic is routed through Maton's API gateway. This is disclosed and central to the managed OAuth design, but it means recruiting data flows through a third-party service.
https://api.maton.ai/zoho-recruit/{native-api-path}Confirm that Maton is an acceptable service provider for your recruiting data and avoid sending unnecessary sensitive fields.