19 API Gateway
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill is not clearly malicious, but it gives an agent broad delegated access to many third-party services through one gateway/API key, including high-impact write, delete, and posting actions.
Install only if you trust Maton and need broad API-gateway access. Use least-privilege OAuth scopes, specify the exact connection for every sensitive request, require confirmation before write/delete/send/purchase actions, and verify the package publisher/version before entering MATON_API_KEY.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If connected accounts have broad permissions, the agent could create, edit, delete, send, or publish data in external services.
The skill exposes raw native API paths rather than narrow task-specific workflows, so an agent can potentially perform any action allowed by the connected service scopes.
“Passthrough proxy for direct access to third-party APIs using managed OAuth connections... The API gateway lets you call native API endpoints directly.”
Use this only with explicit user approval for write/delete/send/purchase actions, narrowly scoped OAuth permissions, and clearly specified apps, endpoints, and resource IDs.

Anyone or any agent workflow with this key may be able to act through the user’s authorized third-party connections.
The Maton API key becomes the control point for using OAuth tokens on authorized third-party services, which is high-impact delegated authority.
“Authorization: Bearer $MATON_API_KEY” and “The API gateway automatically injects the appropriate OAuth token for the target service.”
Protect MATON_API_KEY like a sensitive credential, review OAuth scopes before connecting services, revoke unused connections, and rotate the key if exposed.

Requests could affect an unintended Slack workspace, Google account, CRM, or other connected service.
Defaulting to the oldest active connection can select the wrong workspace/account when multiple connections exist.
“If omitted, the gateway uses the default (oldest) active connection for that app.”
Always specify the intended Maton-Connection header for sensitive actions and remove stale or unused connections.

Users may have less assurance that the reviewed package, registry listing, and claimed publisher are the same artifact.
These packaged metadata values differ from the supplied registry metadata for owner, slug, and version, creating provenance ambiguity for a credentialed integration skill.
"ownerId": "kn75240wq8bnv2qm2xgry748jd80b9r0", "slug": "api-gateway", "version": "1.0.64"
Verify the publisher and version through Maton/ClawHub before granting credentials or OAuth access.

Content from connected services such as email, files, chat, CRM, or finance systems may pass through Maton’s infrastructure.
Third-party API requests and responses are routed through Maton’s gateway, which is central to the design but means sensitive service data transits an additional provider.
“Base URL: https://gateway.maton.ai/{app}/{native-api-path}”
Review Maton’s privacy, logging, and retention policies and avoid sending more sensitive data than necessary.

A user or agent might copy example values and send requests to the wrong or nonexistent resource.
Runnable documentation uses a concrete-looking connection identifier instead of a placeholder, which can confuse users or agents about what should be replaced.
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80"
Replace all example connection IDs and resource IDs with user-specific placeholders before running commands.
