Native Monday

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone installing and using the skill should understand that it can read Monday.com data available to the supplied token, including boards, items, workspaces, and user details.

Why it was flagged

The skill requires a personal Monday.com API token, which grants delegated access to the user's Monday.com account data. This is expected for the stated integration.

Skill content

MONDAY_API_TOKEN=your_token_here

Recommendation

Use a token from the intended Monday.com account, limit its access where Monday.com supports scoping, and avoid sharing command output that contains private board or user information.

What this means

The agent may retrieve and display internal Monday.com information when asked to query boards, users, or items.

Why it was flagged

The script exposes read commands that can list account users and their emails, along with boards and items. These queries are purpose-aligned and read-only, but they can reveal sensitive workspace information.

Skill content

users(limit: $limit) { id name email enabled }

Recommendation

Review prompts before using the skill and avoid requesting broad listings unless you are comfortable exposing that Monday.com information in the agent conversation.