by 安全扫描
OpenClaw
安全
medium confidenceNULL
评估建议
This skill appears to be what it says: a thin instruction-set that calls Maton gateway endpoints and needs a MATON_API_KEY. Before installing, confirm you trust the Maton service (gateway.maton.ai / ctrl.maton.ai) because the API key grants it access to your Cognito Forms data via OAuth. Treat MATON_API_KEY as sensitive: use least-privilege / per-environment keys if available, rotate/revoke keys if needed, review Maton's privacy/security docs and OAuth connection scopes, and test with non-produc...详细分析 ▾
✓ 用途与能力
Name/description say it proxies Cognito Forms via a managed OAuth gateway and the SKILL.md only requires MATON_API_KEY and uses gateway.maton.ai / ctrl.maton.ai endpoints — this is coherent with the stated purpose. No unrelated services, binaries, or config paths are requested.
✓ 指令范围
Runtime instructions are limited to making HTTP calls to Maton endpoints to list forms, manage entries, and manage OAuth connections; they instruct opening an OAuth url in a browser. The instructions do not direct reading arbitrary system files, other env vars, or exfiltrating data to unknown hosts beyond the Maton gateway.
✓ 安装机制
No install spec and no code files — instruction-only. This minimizes disk-write/execute risk; nothing is downloaded or installed.
✓ 凭证需求
Only a single environment variable (MATON_API_KEY) is required, which is appropriate because the skill routes requests through Maton-managed OAuth. No unrelated credentials or broad filesystem config paths are requested.
✓ 持久化与权限
always is false and the skill is user-invocable; it does not request permanent/global presence or modify other skills. The skill relies on per-use MATON_API_KEY for auth.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.22026/2/9
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install cognito-forms
镜像加速npx clawhub@latest install cognito-forms --registry https://cn.longxiaskill.com