ClawHub

Api Gateway 1.0.46

v1.0.0

Connect to 100+ APIs (Google Workspace, Microsoft 365, Notion, Slack, Airtable, HubSpot, etc.) with managed OAuth. Use this skill when users want to interact...

0· 160·1 current·1 all-time
by@mbright4497·duplicate of @kdegeek/api-gateway-1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description claim a passthrough gateway for 100+ APIs and the SKILL.md focuses entirely on calling Maton endpoints (gateway.maton.ai and ctrl.maton.ai) and managing OAuth connections — requiring MATON_API_KEY is proportional. Note: there are small metadata mismatches in the package (_meta.json ownerId/version differs from the registry metadata), which is a packaging/ownership inconsistency to confirm with the publisher.
Instruction Scope
SKILL.md only shows making HTTPS POST/GET/DELETE calls to Maton-managed endpoints and using the MATON_API_KEY Authorization header. It documents the connect flow that returns a browser URL for OAuth; it does not instruct reading unrelated local files, other environment variables, or sending data to unknown external endpoints.
Install Mechanism
Instruction-only skill with no install specification and no code files to execute or download. This is the lowest-risk install profile.
Credentials
Only a single environment variable (MATON_API_KEY) is declared and used in examples. That is expected for an API gateway that requires a bearer key. No unrelated secrets or config paths are requested.
Persistence & Privilege
The skill is not marked always:true, does not request persistent system-wide changes, and contains no install or self-modifying steps. Agent autonomous invocation remains possible (default) but is not combined with broad privileges here.
Assessment
This skill appears to do what it says: it documents how to call Maton’s API gateway and manage OAuth connections using a MATON_API_KEY. Before installing or providing your API key: (1) verify the publisher and homepage (https://maton.ai) match a trusted vendor; (2) confirm the packaging metadata inconsistency (ownerId/version) with the publisher — mismatched metadata can indicate a repackaging or publishing error; (3) treat MATON_API_KEY like any bearer token — do not share it publicly, and use a key with minimal privileges if Maton supports scopes; (4) review any connection URLs returned by the control endpoint before opening them in a browser; (5) if you need stronger assurance, ask the vendor for a security / privacy doc or use an account with limited access and be prepared to rotate/revoke the key if suspicious activity is seen.

Like a lobster shell, security has layers — review code before you run it.

latestvk974ehs785b987dqcscgjxm0w1839fmp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments