ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jef1test

v1.0.0

Connect to 100+ APIs (Google Workspace, Microsoft 365, GitHub, Notion, Slack, Airtable, HubSpot, etc.) with managed OAuth. Use this skill when users want to...

0· 110·0 current·0 all-time
by@hjcloud
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill claims to provide a passthrough gateway for many third-party APIs and only requests a single MATON_API_KEY to authenticate to Maton.ai. That key and the documented endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) are coherent with the described functionality.
Instruction Scope
SKILL.md only instructs the agent to call Maton endpoints (gateway, ctrl, connect) and to use the MATON_API_KEY in Authorization headers. It does not instruct reading unrelated files, other environment variables, or exfiltration to unexpected endpoints. OAuth completion is correctly delegated to the connect URL opened in a browser.
Install Mechanism
Instruction-only skill with no install spec and no code files — nothing is written to disk or downloaded by the skill itself.
Credentials
Only MATON_API_KEY is required, which is proportionate to an API gateway skill. However, that single key can enable listing/creating/deleting connections and proxying requests to third-party services once those services are authorized — so the key is powerful and should be treated as a high-value secret.
Persistence & Privilege
always is false and the skill does not request persistent system-wide configuration or modify other skills. Model invocation is permitted (the platform default); nothing in the skill requests elevated or permanent privileges.
Assessment
This skill is internally consistent: it only needs MATON_API_KEY and shows how to call Maton's gateway and connection-control endpoints. Before installing, verify you trust Maton.ai and understand what the API key can do in your environment: it can manage and use any third-party connections you (or your users) have authorized via Maton's connect flow. Keep the API key secret, use least-privilege keys if available, review Maton's privacy/security docs and audit/logging, and consider not enabling automatic/autonomous actions for agents that you don't fully trust. If you need more assurance, request the provider's security documentation or a scoped API key that limits operations.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ehk5se437argsj7j346xpjn834jsn

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments