Native Monday
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent read-only Monday.com helper that uses a Monday API token to display boards, items, workspaces, and users, with no artifact evidence of mutation, persistence, or third-party exfiltration.
This skill appears safe for its stated read-only Monday.com use. Before installing, make sure you are comfortable giving the agent access to Monday.com data available through your token, including board contents and user emails, and avoid broad queries when working with sensitive project information.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone installing and using the skill should understand that it can read Monday.com data available to the supplied token, including boards, items, workspaces, and user details.
The skill requires a personal Monday.com API token, which grants delegated access to the user's Monday.com account data. This is expected for the stated integration.
MONDAY_API_TOKEN=your_token_here
Use a token from the intended Monday.com account, limit its access where Monday.com supports scoping, and avoid sharing command output that contains private board or user information.
The agent may retrieve and display internal Monday.com information when asked to query boards, users, or items.
The script exposes read commands that can list account users and their emails, along with boards and items. These queries are purpose-aligned and read-only, but they can reveal sensitive workspace information.
users(limit: $limit) { id name email enabled }Review prompts before using the skill and avoid requesting broad listings unless you are comfortable exposing that Monday.com information in the agent conversation.