Skillv1.0.0

ClawScan security

Api Gateway 1.0.69 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

ReviewMar 14, 2026, 5:52 PM

Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (a passthrough API gateway) matches its runtime instructions and only requires one API key, but metadata inconsistencies and the fact that a single MATON_API_KEY can be used to manage many OAuth connections warrant caution before installing.
Guidance: This skill appears to do what it claims — act as a passthrough gateway that proxies requests to many third-party APIs using Maton-managed OAuth. Before installing: (1) Verify the publisher (confirm maton.ai ownership and that the registry owner ID matches the vendor) because _meta.json and registry metadata show mismatched owner/version values; (2) Treat MATON_API_KEY as a high-value secret — only put it in secure environment variables and only if you trust Maton to manage OAuth tokens for services you connect; (3) Limit initial usage to low-privilege/test accounts and explicitly review OAuth scopes during the connect flow before authorizing access; (4) Consider whether you need a gateway provider at all — if you prefer direct OAuth per-service, that avoids centralizing tokens; (5) If you proceed and later suspect compromise, rotate the MATON_API_KEY and revoke Maton connections from the provider dashboard. If you want higher assurance, ask the publisher to explain the owner/version mismatch and provide a verifiable signing key or official registry entry.

Review Dimensions

Purpose & Capability: noteThe name/description claim a managed OAuth gateway for 100+ services and the SKILL.md contains examples that call Maton's gateway and control endpoints — requesting MATON_API_KEY is proportional and expected for that purpose. However registry/_meta metadata show inconsistent ownerId and version numbers (registry Owner ID vs _meta.json ownerId, and registry version vs _meta.json version), which could indicate repackaging or a publishing mismatch.
Instruction Scope: okThe runtime instructions are narrowly scoped to calling Maton's endpoints (gateway.maton.ai and ctrl.maton.ai) and to using the MATON_API_KEY for Authorization. The examples do not instruct reading unrelated files or secrets, or sending data to unexpected third-party endpoints. They do show operations that can create/list/delete OAuth connections and to call proxied native APIs — which is expected.
Install Mechanism: okThis is an instruction-only skill (no install spec, no extracted artifacts), so it does not install code or write to disk. That's the lowest-risk install mechanism.
Credentials: concernOnly MATON_API_KEY is required, which is consistent with a managed gateway. But the API key is sensitive: while the SKILL.md states the key alone doesn't grant access to third-party services, in combination with authorized OAuth connections Maton will have access to those services. Also the skill metadata does not mark a 'primary' credential even though a single required env var is declared — this small inconsistency is not critical but worth noting.
Persistence & Privilege: okThe skill does not request always:true and does not attempt to modify other skills or system settings. Autonomous invocation is allowed by default but is not combined here with other high-risk indicators.