ClawHub

API Gateway

v1.0.76

Connect to 100+ APIs (Google Workspace, Microsoft 365, GitHub, Notion, Slack, Airtable, HubSpot, etc.) with managed OAuth. Use this skill when users want to...

309· 62.7k·458 current·488 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (API gateway for many services) matches the provided instructions and large set of routing/reference files. The only required environment variable is MATON_API_KEY, which is exactly what a managed-proxy service would reasonably need.
Instruction Scope
SKILL.md instructs only how to call Maton endpoints (gateway.maton.ai and ctrl.maton.ai) using the MATON_API_KEY and how to manage OAuth connections; it does not direct the agent to read unrelated files, other environment variables, or send data to unknown endpoints. OAuth completion requires a browser interaction, as documented.
Install Mechanism
No install spec or code is included (instruction-only), so nothing is written to disk or downloaded during install. This is the lowest‑risk install model and matches the skill's content.
Credentials
The skill asks for a single MATON_API_KEY credential, which is proportional and justified for a managed gateway. The README explicitly states the API key alone does not grant access to third‑party services without user OAuth consent.
Persistence & Privilege
always:false and no special install behavior — normal. Note: the skill (if invoked) can call external services on behalf of the agent using Maton-managed OAuth tokens; this is expected for a gateway but increases impact if you grant the agent autonomous invocation rights or if the Maton API key is compromised.
Assessment
This skill is internally consistent but grants programmatic access to Maton.ai, which in turn can access any third-party services for which you complete OAuth flows. Only install it if you trust Maton.ai: keep your MATON_API_KEY secret, review and revoke any unwanted Maton connections (https://maton.ai/settings and the control URLs shown), and limit autonomous agent invocation if you don't want the agent to make external API calls without your approval. If you need tighter control, require manual confirmation before the agent uses the gateway or avoid storing the API key in shared environments.

Like a lobster shell, security has layers — review code before you run it.

latestvk978vec7zy8zbb4zdjps88yn8h843zz3

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments