Nango API Integration
Warn: audited by ClawScan on May 10, 2026.
Overview
This is a coherent Nango integration guide, but it gives agents broad access to connected third-party apps and should be reviewed before use.
Treat this as a high-privilege integration helper. Only configure it with least-privilege Nango connections, restrict which providers and endpoints the agent may use, require confirmation for any write or account-changing action, and verify the SDK packages before installing.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A connected agent could call many third-party API endpoints, including endpoints that create or change data, if the user has provided suitable Nango connections.
This defines a raw, generic API proxy where an agent can choose the provider and endpoint. For a service covering many APIs, that creates broad tool authority unless separately constrained.
    def call_api(self, provider: str, endpoint: str, connection_id: str, **params):
        """Generic API calling tool for any provider."""
        return self.nango.proxy(
            provider=provider,
            endpoint=endpoint,
            connection_id=connection_id,
            params=params
        )

Before use, restrict allowed providers, endpoints, and HTTP methods; require explicit confirmation for write, financial, public-posting, or account-changing actions; and log all calls.
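The recommendation above (allowlist providers, endpoints and methods; confirm writes; log every call) can be enforced in a thin wrapper placed between the agent and the generic proxy. The following is an added example, not code from the Nango SDK or from the audited skill: the `proxy_client` it wraps is a stand-in whose `proxy(provider=, endpoint=, connection_id=, method=, params=)` signature is assumed for illustration, and the allowlist entries are constructed sample values.

```python
import fnmatch
import logging
from dataclasses import dataclass, field
from typing import Any, Callable

log = logging.getLogger("guarded_proxy")

# Allowlist: provider -> set of (HTTP method, endpoint glob). Anything not
# listed is refused before it ever reaches the proxy. These entries are
# constructed for the example; a real deployment lists only what the agent
# needs. Note that fnmatch's "*" also matches "/", so keep globs tight.
DEFAULT_POLICY: dict[str, set[tuple[str, str]]] = {
    "github": {("GET", "/user/repos"), ("POST", "/repos/*/*/issues")},
    "slack": {("GET", "/conversations.list"), ("POST", "/chat.postMessage")},
}

READ_METHODS = {"GET", "HEAD"}


class PolicyViolation(Exception):
    """Raised when a call is outside the allowlist or the user declined it."""


@dataclass
class GuardedProxy:
    """Wraps a generic proxy client with allowlisting, confirmation and audit."""

    proxy_client: Any  # assumed to expose .proxy(**kwargs); see lead-in
    policy: dict[str, set[tuple[str, str]]] = field(
        default_factory=lambda: {k: set(v) for k, v in DEFAULT_POLICY.items()})
    # Confirmation hook for non-read calls; default denies every write.
    confirm: Callable[[str], bool] = field(
        default_factory=lambda: (lambda prompt: False))
    audit: list[dict] = field(default_factory=list)

    def _record(self, decision: str, **ctx) -> None:
        """Append one audit entry and emit it to the log."""
        entry = {"decision": decision, **ctx}
        self.audit.append(entry)
        log.info("%s", entry)

    def _allowed(self, provider: str, method: str, endpoint: str) -> bool:
        """True if (method, endpoint) matches an allowlisted glob for provider."""
        for allowed_method, pattern in self.policy.get(provider, ()):
            if allowed_method == method and fnmatch.fnmatchcase(endpoint, pattern):
                return True
        return False

    def call_api(self, provider: str, endpoint: str, connection_id: str,
                 method: str = "GET", **params):
        method = method.upper()
        ctx = dict(provider=provider, endpoint=endpoint,
                   method=method, connection_id=connection_id)
        if not self._allowed(provider, method, endpoint):
            self._record("refused:not-allowlisted", **ctx)
            raise PolicyViolation(f"{method} {provider}{endpoint} is not allowlisted")
        if method not in READ_METHODS:
            prompt = (f"Agent wants to {method} {provider}{endpoint} "
                      f"using connection {connection_id}. Allow?")
            if not self.confirm(prompt):
                self._record("refused:user-declined", **ctx)
                raise PolicyViolation(f"user declined {method} {provider}{endpoint}")
        self._record("allowed", **ctx)
        return self.proxy_client.proxy(provider=provider, endpoint=endpoint,
                                       connection_id=connection_id,
                                       method=method, params=params)


class FakeProxy:
    """Stand-in for the real proxy client; records what it was asked to do."""

    def __init__(self) -> None:
        self.calls: list[dict] = []

    def proxy(self, **kwargs):
        self.calls.append(kwargs)
        return {"status": 200, "echo": kwargs}


def attempt(guard: GuardedProxy, *args, **kwargs):
    """Return ("ok", result) or ("refused", message) for a single call."""
    try:
        return "ok", guard.call_api(*args, **kwargs)
    except PolicyViolation as exc:
        return "refused", str(exc)


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    guard = GuardedProxy(FakeProxy(), confirm=lambda prompt: True)  # simulate approval
    print(attempt(guard, "github", "/user/repos", "conn-1"))
    print(attempt(guard, "stripe", "/v1/charges", "conn-2", method="POST"))
```

The wrapper keeps the agent-facing signature from the skill (`call_api(provider, endpoint, connection_id, **params)`) and adds an explicit `method` argument so that the read/write distinction is visible to the policy rather than buried in the proxy. The audit list is what you would forward to your SIEM; the `confirm` callback is where a human-in-the-loop prompt plugs in.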
If installed and configured, the agent may gain delegated access to connected services such as Google, Slack, GitHub, Salesforce, Stripe, Notion, and others.
The skill instructs users to provide a Nango secret and downstream provider credentials/API keys. Registry metadata, however, declares no env vars or primary credential, so the high-privilege account boundary is not clearly declared up front.
    NANGO_SECRET_KEY=your-secret-key-here
    ...
    nango.set_credentials(
        provider="stripe",
        connection_id="user-stripe-123",
        credentials={"api_key": "sk_test_xxx"}
    )

Declare the Nango secret and provider credentials in metadata, use least-privilege OAuth scopes, separate test and production connections, and revoke unused connections.
Installing the wrong or compromised package could affect the local environment used for API integrations.
The setup relies on external packages installed by name without pinned versions. This is normal for SDK documentation, but users should verify package identity and version before installing.
    # Python
    pip install nango
    # Node.js
    npm install @nangohq/node-client
Use trusted package registries, pin versions where possible, and review package provenance before installing.
Provider tools and resources made available through MCP could influence what the agent can see or do.
MCP support can expose tools, resources, and prompts from connected providers into an agent workflow. That is purpose-aligned, but it adds another boundary where tool origin and permissions should be checked.
MCP servers per app - Model Context Protocol support ... The config includes tools, resources, and prompts
Review MCP server configurations, expose only needed tools/resources, and keep provider-specific permissions narrow.
