API Gateway

Name and description claim a managed OAuth gateway for many third‑party APIs and the SKILL.md only requires MATON_API_KEY and documents requests to Maton domains (gateway.maton.ai / ctrl.maton.ai). The requested environment variable and declared operations align with the stated purpose.

Runtime instructions are limited to calling Maton control and gateway endpoints and showing examples for calling native third‑party APIs via the gateway. The instructions do not request unrelated files, other environment variables, or system access. They do include examples that can read/modify third‑party resources (e.g., post messages, update Notion pages) — which is expected for a gateway but means the skill can perform destructive actions if the user or connections authorize them.

No install spec and no code files that run locally; this is instruction-only. That minimizes local install risk because nothing is downloaded or written to disk by the skill package itself.

Only one env var (MATON_API_KEY) is required, which is proportionate to a hosted API gateway. However, the MATON_API_KEY is a high-value credential: while the SKILL.md states the key alone does not access third‑party services, a valid key plus any already-authorized connections can be used to call many services and to list/create/delete connections via the control API. Treat it like a master token.

always is false and the skill is user-invocable; it does not request persistent 'always' presence or modify other skills or system-wide settings. Autonomous invocation (default) is normal for skills and not a standalone concern here.