Safety Report

Fathom

Name: Fathom
Rating: 5 (11 reviews)
Author: byungkyu

Fathom API integration with managed OAuth. Access meeting recordings, transcripts, summaries, and manage webhooks. Use this skill when users want to retrieve meeting content, search recordings, or set up webhook notifications for new meetings. For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).

15,245Downloads

3Installs

11Stars

6Versions

API Integration4,971 Search & Retrieval2,116 CLI & Shell Tools1,805 Calendar & Scheduling1,462

Security Analysis

medium confidence

Clean0.04 risk

The skill's requests and runtime instructions align with its stated purpose (proxying Fathom via Maton gateway) and it only requires a single gateway API key; nothing in the SKILL.md or manifest appears incoherent or extraneous, though the registry/source metadata is sparse so exercise normal caution.

Feb 11, 20262 files1 concern

Purpose & Capabilityok

Name/description declare a Fathom integration via a Maton-managed gateway; the skill's instructions and endpoints consistently reference maton.ai, gateway.maton.ai, ctrl.maton.ai and Fathom endpoints. The single required env var (MATON_API_KEY) is consistent with using a managed gateway.

Instruction Scopeok

SKILL.md only instructs the agent to make authenticated HTTP requests to the Maton gateway and control endpoints, how to create/list/delete OAuth connections, and how to fetch recordings/transcripts. It does not direct reading unrelated local files, shell history, or other environment variables beyond MATON_API_KEY.

Install Mechanismok

No install spec and no code files (instruction-only). This minimizes disk-write/execute risk; runtime uses Python standard library examples to call network endpoints.

Credentialsnote

Only MATON_API_KEY is required, which is appropriate for a gateway-based integration. Note: this single key likely grants broad access to the user's Maton-managed connections and thus to meeting recordings/transcripts; the SKILL.md references managing multiple OAuth connections. Ensure you understand the scope/permissions of the MATON_API_KEY before use.

Persistence & Privilegeok

Skill is not always-enabled and does not request persistent system modifications or other skills' configs. It allows normal autonomous invocation (disable-model-invocation=false), which is expected for skills; no elevated persistence privileges are requested.

Guidance

This skill appears to do what it says: proxy Fathom API calls through Maton. Before installing, verify the Maton service (maton.ai) is trustworthy for your organization, and consider: 1) treat MATON_API_KEY as sensitive — it likely allows access to meeting recordings/transcripts, so store it securely, rotate it, and scope it if possible; 2) review active OAuth connections in ctrl.maton.ai and only authorize accounts you trust; 3) be cautious about webhooks — ensure webhook endpoints you register are secure and won’t leak meeting data; 4) if you need provenance, ask the publisher for source/repository information (registry metadata lists unknown source/homepage), and prefer skills with verifiable upstream code and a known publisher.

Latest Release

v1.0.5

- No file changes detected between this and the previous version. - No user-facing changes, new features, or fixes are present in this release.

More by @byungkyu

API Gateway

180 stars

Microsoft Excel

30 stars

Todoist

11 stars

Microsoft OneDrive

7 stars

Jira

6 stars

Monday.com

5 stars

Published by @byungkyu on ClawHub