api-gateway

Enables seamless integration with over 100 APIs using managed OAuth for secure external service interactions.

Install this skill

or

1/100

Security score

The api-gateway skill was audited on Mar 3, 2026 and we found 51 security issues across 4 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 508

Template literal with variable interpolation in command context

SourceSKILL.md

508	'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 504

Fetch to external URL

SourceSKILL.md

504	const response = await fetch('https://gateway.maton.ai/slack/api/chat.postMessage', {

medium line 297

Webhook reference - potential data exfiltration

SourceSKILL.md

297	- [Asana](references/asana.md) - Tasks, projects, workspaces, webhooks

medium line 303

Webhook reference - potential data exfiltration

SourceSKILL.md

303	- [Calendly](references/calendly.md) - Event types, scheduled events, availability, webhooks

medium line 304

Webhook reference - potential data exfiltration

SourceSKILL.md

304	- [Cal.com](references/cal-com.md) - Event types, bookings, schedules, availability slots, webhooks

medium line 307

Webhook reference - potential data exfiltration

SourceSKILL.md

307	- [ClickFunnels](references/clickfunnels.md) - Contacts, products, orders, courses, webhooks

medium line 309

Webhook reference - potential data exfiltration

SourceSKILL.md

309	- [ClickUp](references/clickup.md) - Tasks, lists, folders, spaces, webhooks

medium line 320

Webhook reference - potential data exfiltration

SourceSKILL.md

320	- [Fathom](references/fathom.md) - Meeting recordings, transcripts, summaries, webhooks

medium line 325

Webhook reference - potential data exfiltration

SourceSKILL.md

325	- [Gumroad](references/gumroad.md) - Products, sales, subscribers, licenses, webhooks

medium line 349

Webhook reference - potential data exfiltration

SourceSKILL.md

349	- [JotForm](references/jotform.md) - Forms, submissions, webhooks

medium line 373

Webhook reference - potential data exfiltration

SourceSKILL.md

373	- [Quo](references/quo.md) - Calls, messages, contacts, conversations, webhooks

medium line 381

Webhook reference - potential data exfiltration

SourceSKILL.md

381	- [Systeme.io](references/systeme.md) - Contacts, tags, courses, communities, webhooks

medium line 382

Webhook reference - potential data exfiltration

SourceSKILL.md

382	- [Tally](references/tally.md) - Forms, submissions, workspaces, webhooks

low line 508

Access to .env file

SourceSKILL.md

508	'Authorization': `Bearer ${process.env.MATON_API_KEY}`

low line 6

External URL reference

SourceSKILL.md

6	Security: The MATON_API_KEY authenticates with Maton.ai but grants NO access to third-party services by itself. Each service requires explicit OAuth authorization by the user through Maton's connect f

low line 13

External URL reference

SourceSKILL.md

13	homepage: "https://maton.ai"

low line 21

External URL reference

SourceSKILL.md

21	Passthrough proxy for direct access to third-party APIs using managed OAuth connections, provided by [Maton](https://maton.ai). The API gateway lets you call native API endpoints directly.

low line 30

External URL reference

SourceSKILL.md

30	req = urllib.request.Request('https://gateway.maton.ai/slack/api/chat.postMessage', data=data, method='POST')

low line 41

External URL reference

SourceSKILL.md

41	https://gateway.maton.ai/{app}/{native-api-path}

low line 66

External URL reference

SourceSKILL.md

66	1. Sign in or create an account at [maton.ai](https://maton.ai)

low line 67

External URL reference

SourceSKILL.md

67	2. Go to [maton.ai/settings](https://maton.ai/settings)

low line 72

External URL reference

SourceSKILL.md

72	Connection management uses a separate base URL: `https://ctrl.maton.ai`

low line 79

External URL reference

SourceSKILL.md

79	req = urllib.request.Request('https://ctrl.maton.ai/connections?app=slack&status=ACTIVE')

low line 98

External URL reference

SourceSKILL.md

98	"url": "https://connect.maton.ai/?session_token=5e9...",

low line 112

External URL reference

SourceSKILL.md

112	req = urllib.request.Request('https://ctrl.maton.ai/connections', data=data, method='POST')

low line 124

External URL reference

SourceSKILL.md

124	req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}')

low line 138

External URL reference

SourceSKILL.md

138	"url": "https://connect.maton.ai/?session_token=5e9...",

low line 152

External URL reference

SourceSKILL.md

152	req = urllib.request.Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')

low line 166

External URL reference

SourceSKILL.md

166	req = urllib.request.Request('https://gateway.maton.ai/slack/api/chat.postMessage', data=data, method='POST')

low line 411

External URL reference

SourceSKILL.md

411	# Native Slack API: POST https://slack.com/api/chat.postMessage

low line 415

External URL reference

SourceSKILL.md

415	req = urllib.request.Request('https://gateway.maton.ai/slack/api/chat.postMessage', data=data, method='POST')

low line 425

External URL reference

SourceSKILL.md

425	# Native HubSpot API: POST https://api.hubapi.com/crm/v3/objects/contacts

low line 429

External URL reference

SourceSKILL.md

429	req = urllib.request.Request('https://gateway.maton.ai/hubspot/crm/v3/objects/contacts', data=data, method='POST')

low line 439

External URL reference

SourceSKILL.md

439	# Native Sheets API: GET https://sheets.googleapis.com/v4/spreadsheets/{id}/values/{range}

low line 442

External URL reference

SourceSKILL.md

442	req = urllib.request.Request('https://gateway.maton.ai/google-sheets/v4/spreadsheets/122BS1sFN2RKL8AOUQjkLdubzOwgqzPT64KfZ2rvYI4M/values/Sheet1!A1:B2')

low line 451

External URL reference

SourceSKILL.md

451	# Native Salesforce API: GET https://{instance}.salesforce.com/services/data/v64.0/query?q=...

low line 454

External URL reference

SourceSKILL.md

454	req = urllib.request.Request('https://gateway.maton.ai/salesforce/services/data/v64.0/query?q=SELECT+Id,Name+FROM+Contact+LIMIT+10')

low line 463

External URL reference

SourceSKILL.md

463	# Native Airtable API: GET https://api.airtable.com/v0/meta/bases/{id}/tables

low line 466

External URL reference

SourceSKILL.md

466	req = urllib.request.Request('https://gateway.maton.ai/airtable/v0/meta/bases/appgqan2NzWGP5sBK/tables')

low line 475

External URL reference

SourceSKILL.md

475	# Native Notion API: POST https://api.notion.com/v1/data_sources/{id}/query

low line 479

External URL reference

SourceSKILL.md

479	req = urllib.request.Request('https://gateway.maton.ai/notion/v1/data_sources/23702dc5-9a3b-8001-9e1c-000b5af0a980/query', data=data, method='POST')

low line 490

External URL reference

SourceSKILL.md

490	# Native Stripe API: GET https://api.stripe.com/v1/customers

low line 493

External URL reference

SourceSKILL.md

493	req = urllib.request.Request('https://gateway.maton.ai/stripe/v1/customers?limit=10')

low line 504

External URL reference

SourceSKILL.md

504	const response = await fetch('https://gateway.maton.ai/slack/api/chat.postMessage', {

low line 521

External URL reference

SourceSKILL.md

521	'https://gateway.maton.ai/slack/api/chat.postMessage',

low line 552

External URL reference

SourceSKILL.md

552	req = urllib.request.Request('https://ctrl.maton.ai/connections')

low line 562

External URL reference

SourceSKILL.md

562	- Correct: `https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages`

low line 563

External URL reference

SourceSKILL.md

563	- Incorrect: `https://gateway.maton.ai/gmail/v1/users/me/messages`

low line 570

External URL reference

SourceSKILL.md

570	req = urllib.request.Request('https://ctrl.maton.ai/connections?app=google-mail&status=ACTIVE')

low line 605

External URL reference

SourceSKILL.md

605	- [API Reference](https://www.maton.ai/docs/api-reference)

low line 606

External URL reference

SourceSKILL.md

606	- [Maton Community](https://discord.com/invite/dBfFAcefs2)

Scanned on Mar 3, 2026

View Security Dashboard

Installation guide →

GitHub Stars 2.2K

Rate this skill

Categorymarketing

UpdatedApril 4, 2026

openclaw api growth-marketer product-marketer marketing-analyst sdr business-development notion slack hubspot airtable marketing sales

openclaw/skills