ClawHub

Gmail

v1.0.6

Gmail API integration with managed OAuth. Read, send, and manage emails, threads, labels, and drafts. Use this skill when users want to interact with Gmail. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

64· 29.3k·285 current·303 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (Gmail API integration) matches the required environment variable (MATON_API_KEY) and the runtime examples target Maton gateway endpoints that proxy Gmail. There are no unrelated credentials or binaries requested.
Instruction Scope
The SKILL.md instructs the agent to call Maton endpoints (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai) and to open an OAuth authorization URL in a browser. That behaviour is consistent with a managed-OAuth proxy. Note: the connection URL returned may include a session_token in the query string (exposed in examples), which should be handled carefully because tokens in URLs can be logged or leaked.
Install Mechanism
This is instruction-only (no install spec, no code files executed). No downloads or install steps are present, which minimizes installation risk.
Credentials
Only MATON_API_KEY is required, which is proportionate for a service that proxies Gmail. However, that single key is high-privilege (it grants Maton access to your Gmail via its OAuth connections), so the user must trust Maton and treat the key like a sensitive credential.
Persistence & Privilege
The skill does not request always:true and is user-invocable only. It does not request system-wide config paths or modify other skills, so its requested persistence/privileges are reasonable.
Assessment
This skill is coherent for accessing Gmail via Maton's managed-OAuth gateway, but installing it means you rely on Maton to handle your Gmail tokens. Before installing: (1) confirm you trust maton.ai and review their privacy/security policies; (2) treat MATON_API_KEY as sensitive — use a key with least privilege and rotate/revoke when no longer needed; (3) be cautious opening authorization URLs (the session_token may appear in the URL and could be exposed in logs); and (4) if you prefer direct control, consider using an integration that talks to Google directly rather than a third‑party proxy.

Like a lobster shell, security has layers — review code before you run it.

latestvk973byhmychf4zdnabh8p82g4n80wdk1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments