Zoom Admin
ReviewAudited by ClawScan on May 14, 2026.
Overview
This is a disclosed Zoom admin API skill that uses Maton’s OAuth gateway; the main risk is that authorizing it grants broad Zoom admin access.
Install only if you need Zoom admin automation through Maton. Confirm you are connecting the correct Zoom account, require approval before any write or delete action, and revoke the Maton connection when finished.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If authorized, the agent can access and potentially administer important Zoom account resources.
The skill intentionally requests delegated Zoom admin authority, which is sensitive but consistent with its stated Zoom Admin purpose.
Access the Zoom API with managed OAuth authentication and admin-level scopes. Manage users, meetings, webinars, recordings, and account settings.
Authorize only the intended Zoom admin account, verify the requested OAuth permissions, and revoke the connection when no longer needed.
Incorrect or unauthorized use of write endpoints could change users, meetings, webinars, recordings, or account settings.
The API proxy is broad enough to perform Zoom read/write operations, but the artifact explicitly requires user approval for mutating actions.
Replace `{native-api-path}` with the actual Zoom API endpoint path ... The gateway proxies requests to `api.zoom.us` ... All write operations (POST, PATCH, PUT, DELETE) require explicit user approval.Before any create, update, or delete action, confirm the exact Zoom account, resource ID, action, and expected effect.
Maton’s gateway may process Zoom admin requests and responses, including potentially sensitive user, meeting, webinar, or recording metadata.
The skill relies on a third-party gateway for OAuth token handling and API proxying, so Zoom admin data passes through that provider.
API requests and responses flow through Maton's gateway, which handles OAuth token injection. No credentials are stored in this skill or exposed to the agent.
Use this only if you trust Maton with the relevant Zoom admin data, and avoid requesting or exposing more Zoom data than needed.