Gmail Litiao
v1.0.0Gmail API integration with managed OAuth. Read, send, and manage emails, threads, labels, and drafts. Use this skill when users want to interact with Gmail....
⭐ 0· 174·1 current·1 all-time
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description claim Gmail API access via managed OAuth and the SKILL.md exclusively documents calling Maton endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) using MATON_API_KEY. Requiring a Maton API key is proportionate to that stated purpose. However, repository/packaging metadata (_meta.json) and registry metadata differ (different ownerId, slug and version numbers), and the source/homepage are unknown — this mismatch is a packaging/attribution concern that should be checked.
Instruction Scope
SKILL.md contains only examples and instructions to call the Maton gateway and control endpoints using the MATON_API_KEY and to complete OAuth via a returned URL. It does not instruct the agent to read arbitrary local files, unrelated env vars, or transmit data to unexpected domains beyond the Maton service and Google's proxied API endpoints.
Install Mechanism
This is an instruction-only skill with no install spec and no code files for execution. That minimizes filesystem/write risk; nothing is downloaded or installed by the skill itself.
Credentials
Only one environment variable is required (MATON_API_KEY), which is coherent for a proxied OAuth gateway. Be aware that this single key likely enables the Maton service to access your Google connections and act on your behalf (read/send email, manage labels/drafts). The sensitivity of that single variable is therefore high and should be treated accordingly.
Persistence & Privilege
The skill does not request always:true and does not include install-time behavior that modifies other skills or system-wide config. The agent may invoke the skill autonomously (default), which is expected behavior but worth noting because the MATON_API_KEY would be used whenever the skill is invoked.
Assessment
This skill appears to do what it says: it routes Gmail API calls through Maton's gateway and requires a MATON_API_KEY. Before installing, verify the Maton service and domain (maton.ai) are trustworthy and that you expect a third party to be able to exchange OAuth tokens for your Gmail account. Check the OAuth scopes that will be requested when you open the connect URL, and prefer least-privilege scopes. Investigate the metadata mismatch (_meta.json ownerId/slug/version differ from registry metadata) and confirm the publisher identity if that matters to you. Keep MATON_API_KEY secret, consider using a dedicated account or limited-scope credentials for automation, and limit agent permissions or disable autonomous invocation if you do not want the agent to call this skill without explicit approval.Like a lobster shell, security has layers — review code before you run it.
Runtime requirements
🧠 Clawdis
EnvMATON_API_KEY
latest
Gmail
Access the Gmail API with managed OAuth authentication. Read, send, and manage emails, threads, labels, and drafts.
Quick Start
# List messages
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages?maxResults=10')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Base URL
https://gateway.maton.ai/google-mail/{native-api-path}
Replace {native-api-path} with the actual Gmail API endpoint path. The gateway proxies requests to gmail.googleapis.com and automatically injects your OAuth token.
Authentication
All requests require the Maton API key in the Authorization header:
Authorization: Bearer $MATON_API_KEY
Environment Variable: Set your API key as MATON_API_KEY:
export MATON_API_KEY="YOUR_API_KEY"
Getting Your API Key
- Sign in or create an account at maton.ai
- Go to maton.ai/settings
- Copy your API key
Connection Management
Manage your Google OAuth connections at https://ctrl.maton.ai.
List Connections
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections?app=google-mail&status=ACTIVE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Create Connection
python <<'EOF'
import urllib.request, os, json
data = json.dumps({'app': 'google-mail'}).encode()
req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Content-Type', 'application/json')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Get Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Response:
{
"connection": {
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80",
"status": "ACTIVE",
"creation_time": "2025-12-08T07:20:53.488460Z",
"last_updated_time": "2026-01-31T20:03:32.593153Z",
"url": "https://connect.maton.ai/?session_token=...",
"app": "google-mail",
"metadata": {}
}
}
Open the returned url in a browser to complete OAuth authorization.
Delete Connection
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Specifying Connection
If you have multiple Gmail connections, specify which one to use with the Maton-Connection header:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
If omitted, the gateway uses the default (oldest) active connection.
API Reference
List Messages
GET /google-mail/gmail/v1/users/me/messages?maxResults=10
With query filter:
GET /google-mail/gmail/v1/users/me/messages?q=is:unread&maxResults=10
Get Message
GET /google-mail/gmail/v1/users/me/messages/{messageId}
With metadata only:
GET /google-mail/gmail/v1/users/me/messages/{messageId}?format=metadata&metadataHeaders=From&metadataHeaders=Subject&metadataHeaders=Date
Send Message
POST /google-mail/gmail/v1/users/me/messages/send
Content-Type: application/json
{
"raw": "BASE64_ENCODED_EMAIL"
}
List Labels
GET /google-mail/gmail/v1/users/me/labels
List Threads
GET /google-mail/gmail/v1/users/me/threads?maxResults=10
Get Thread
GET /google-mail/gmail/v1/users/me/threads/{threadId}
Modify Message Labels
POST /google-mail/gmail/v1/users/me/messages/{messageId}/modify
Content-Type: application/json
{
"addLabelIds": ["STARRED"],
"removeLabelIds": ["UNREAD"]
}
Trash Message
POST /google-mail/gmail/v1/users/me/messages/{messageId}/trash
Create Draft
POST /google-mail/gmail/v1/users/me/drafts
Content-Type: application/json
{
"message": {
"raw": "BASE64URL_ENCODED_EMAIL"
}
}
Send Draft
POST /google-mail/gmail/v1/users/me/drafts/send
Content-Type: application/json
{
"id": "{draftId}"
}
Get Profile
GET /google-mail/gmail/v1/users/me/profile
Query Operators
Use in the q parameter:
is:unread- Unread messagesis:starred- Starred messagesfrom:email@example.com- From specific senderto:email@example.com- To specific recipientsubject:keyword- Subject contains keywordafter:2024/01/01- After datebefore:2024/12/31- Before datehas:attachment- Has attachments
Code Examples
JavaScript
const response = await fetch(
'https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages?maxResults=10',
{
headers: {
'Authorization': `Bearer ${process.env.MATON_API_KEY}`
}
}
);
Python
import os
import requests
response = requests.get(
'https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages',
headers={'Authorization': f'Bearer {os.environ["MATON_API_KEY"]}'},
params={'maxResults': 10, 'q': 'is:unread'}
)
Notes
- Use
meas userId for the authenticated user - Message body is base64url encoded in the
rawfield - Common labels:
INBOX,SENT,DRAFT,STARRED,UNREAD,TRASH - IMPORTANT: When using curl commands, use
curl -gwhen URLs contain brackets (fields[],sort[],records[]) to disable glob parsing - IMPORTANT: When piping curl output to
jqor other commands, environment variables like$MATON_API_KEYmay not expand correctly in some shell environments. You may get "Invalid API key" errors when piping.
Error Handling
| Status | Meaning |
|---|---|
| 400 | Missing Gmail connection |
| 401 | Invalid or missing Maton API key |
| 429 | Rate limited (10 req/sec per account) |
| 4xx/5xx | Passthrough error from Gmail API |
Troubleshooting: API Key Issues
- Check that the
MATON_API_KEYenvironment variable is set:
echo $MATON_API_KEY
- Verify the API key is valid by listing connections:
python <<'EOF'
import urllib.request, os, json
req = urllib.request.Request('https://ctrl.maton.ai/connections')
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')
print(json.dumps(json.load(urllib.request.urlopen(req)), indent=2))
EOF
Troubleshooting: Invalid App Name
- Ensure your URL path starts with
google-mail. For example:
- Correct:
https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages - Incorrect:
https://gateway.maton.ai/gmail/v1/users/me/messages
Resources
Comments
Loading comments...