Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Maton browse plan — API Gateway

v1.2.4

Guides the user through building and loading the Maton browse-capture Chrome extension from the maton-browse-plan repository (apps/chrome-extension), then co...

by Rui Zhao (@robert0812)

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill guides building/loading a Chrome extension and combining its exported matonPlan with the API Gateway skill. Requiring MATON_API_KEY (the Maton API credential) matches the described interactions with Maton gateway endpoints.
Instruction Scope
SKILL.md instructs the agent to run build commands (npm install / npm run build), load an unpacked Chrome extension, optionally run a native-host installer that registers a native messaging host (writes OS config), and repeatedly fetch a local relay (GET /latest). It also references MATON_RELAY_TOKEN for Authorization header handling even though that env var is not declared. Running npm install/build will execute whatever scripts are in the repo's package.json; registering a native host modifies system config and may require elevated privileges.
Install Mechanism
There is no automated install spec (instruction-only), which is lower risk than arbitrary downloads. However, the instructions require the user (or an agent with terminal access) to run npm install and other repo scripts — these execute code from the repository (possible postinstall scripts or arbitrary Node scripts). The native-host installer is optional but performs system-level registration.
Credentials
Registry only declares MATON_API_KEY (appropriate). SKILL.md additionally references MATON_RELAY_TOKEN for bearer-auth to the local relay, plus ephemeral envs used in example commands (EXTENSION_ID, NATIVE_MSG_ONLY). MATON_RELAY_TOKEN is not declared in requires.env — the skill's instructions expect access to an additional token not listed, which is an inconsistency and a potential surprise to users.
Persistence & Privilege
The skill is not always-enabled and does not request persistent privileges in metadata. However the optional native-host installation registers a native messaging host (modifies OS/browser config) and could widen the extension's capabilities — this is a system-level change initiated by running the provided installer commands and should be reviewed/consented to by the user.
What to consider before installing
This skill largely does what it says, but there are a few things to check before installing:
1) The skill declares MATON_API_KEY (needed to call Maton services) but the instructions also use MATON_RELAY_TOKEN for the local relay — expect to provide that token separately (it is not declared).
2) The build steps run npm install and npm run build in the repo you clone; inspect package.json and any install/postinstall scripts to ensure you trust the code before running.
3) The optional 'install-native-host' step registers a native messaging host on your machine (writes OS/browser config, may require elevation) — only run it if you understand and consent to that change.
4) The exported matonPlan contains browsing-origin summaries and resource URLs (sensitive browsing-derived data); confirm what of that data will be transmitted to Maton endpoints when the agent compares/suggests connectors.
5) If you want the agent to access the local relay using MATON_RELAY_TOKEN, explicitly set that env var only in a trusted context (avoid sharing it in multi-tenant environments).
If you need greater assurance, ask the skill author for explicit documentation that lists all env vars used, the exact network endpoints called, and the exact data sent to Maton services.


Runtime requirements

Env: MATON_API_KEY
Primary env: MATON_API_KEY