← Back to Skills Marketplace

Monday mcp

Name: Monday mcp
Author: maverick

by Maverick · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ✓ Security Clean

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install maverick-monday-mcp

Description

Search, read, and update Monday.com boards, workspaces, items, updates, and columns via Monday.com's hosted MCP server (https://mcp.monday.com/mcp). Use when...

README (SKILL.md)

Monday.com

Quick start

Always invoke through bash {baseDir}/scripts/invoke.sh — never call mcporter directly. The wrapper seeds the OAuth vault from the env-supplied tokens when needed, then calls mcporter.

bash {baseDir}/scripts/invoke.sh call maverick-monday.get_boards
bash {baseDir}/scripts/invoke.sh call maverick-monday.get_workspaces
bash {baseDir}/scripts/invoke.sh call maverick-monday.get_columns board_id=123456789

For structured output (also surfaces transport errors as JSON envelopes — workaround for mcporter #153):

bash {baseDir}/scripts/invoke.sh call --output json maverick-monday.get_boards | jq '.result.content'

Discover available tools and schemas:

bash {baseDir}/scripts/invoke.sh list maverick-monday --schema

Safety

Write operations (create_item, update_item, delete_item, create_update, column changes, board archive/delete actions, and workspace changes) modify Monday.com data visible to the connected account. Confirm clear user intent before invoking write tools — search and read tools are safe to call freely while exploring. Resolve board and workspace IDs first, call get_columns before writing column_values, and fetch item state before updating or commenting.

Authentication

Tokens are provisioned and rotated automatically. If a call returns HTTP 401 that doesn't recover within a few seconds, the OAuth grant has been revoked — re-authorize the integration to refresh credentials.

Data flow

Tool calls travel to Monday.com's hosted MCP service at https://mcp.monday.com/mcp over HTTPS, authenticated via OAuth. Monday.com sees the board, workspace, item, update, and column data referenced by each call. Use this skill for Monday.com-related work only; do not pass unrelated sensitive content through these tools.

Dependencies

mcporter (github.com/steipete/mcporter) — MCP CLI used to invoke Monday.com's hosted MCP server. Auto-installed via npm install -g --ignore-scripts mcporter if missing on PATH (see install spec in frontmatter). The install spec uses unpinned mcporter (npm latest); operators with strict supply-chain controls should override the install to pin a specific version (e.g. mcporter@\x3Cversion>).
jq (stedolan.github.io/jq) — JSON processor used by the vault initializer. System dependency; install via your OS package manager (apt install jq, brew install jq, etc.).
flock (part of util-linux) — file locking used to serialize concurrent vault writes. Available by default on Linux; on macOS install via brew install flock.
shasum (Perl, ships with Digest::SHA) — computes the SHA-256 hashes used to derive the mcporter vault key and the provisioned-token marker. Preinstalled on macOS and on Debian/Ubuntu (incl. the deployed cloudflare/sandbox Ubuntu 22.04 image); on minimal Linux images install perl-Digest-SHA. The script invokes shasum -a 256 rather than GNU sha256sum so it runs on stock macOS without coreutils.

Usage Guidance

Install this only if you want the agent to access and potentially modify Monday.com data for the connected account. Confirm any create/update/delete/archive actions before they run, avoid passing unrelated sensitive content to the tools, protect or revoke the OAuth credentials when needed, and consider pinning the mcporter package for stricter supply-chain control.

Capability Analysis

Type: OpenClaw Skill Name: maverick-monday-mcp Version: 1.0.0 The skill provides a legitimate integration for Monday.com using the mcporter MCP client. The included scripts (init-mcporter.sh and invoke.sh) handle OAuth token provisioning by seeding the local ~/.mcporter/credentials.json vault from environment variables. The implementation follows security best practices, such as using jq's environment variable injection to prevent tokens from appearing in process listings and using SHA-256 hashes for state tracking instead of storing raw credentials in sidecar files. All network activity is directed to the official Monday.com MCP endpoint (https://mcp.monday.com/mcp).

Capability Tags

requires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

ℹ Purpose & Capability

The stated purpose matches the artifacts: it connects to Monday.com's hosted MCP server to search, read, and update Monday.com boards, items, workspaces, updates, and columns. The capability includes high-impact write/delete/archive operations, but these are disclosed.

ℹ Instruction Scope

The instructions scope use to Monday.com-related work and explicitly tell the agent to confirm clear user intent before write operations. Read/search tools are described as safe to use for exploration, which still means they can access connected-account Monday.com data.

ℹ Install Mechanism

The skill installs the npm package mcporter without a pinned version. This is central to the skill and disclosed, but operators with stricter supply-chain requirements should pin or review the dependency.

ℹ Credentials

The required OAuth environment variables are proportionate for a Monday.com integration, but they grant access as the connected account.

ℹ Persistence & Privilege

The wrapper seeds mcporter's local credential vault in the user's home directory and stores a local provision marker hash. This is disclosed and purpose-aligned, but users should understand the credentials persist locally.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install maverick-monday-mcp
After installation, invoke the skill by name or use /maverick-monday-mcp
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

Initial public release of maverick-monday-mcp. - Enables searching, reading, and updating Monday.com boards, workspaces, items, updates, and columns via Monday.com's MCP server. - Uses `mcporter` CLI with secure OAuth token management; wrapper script ensures safe invocation. - Provides tool commands for common Monday.com actions and JSON output handling. - Documents dependencies (`mcporter`, `jq`, `flock`, `shasum`) and guides installation. - Includes safety and data flow guidelines to protect user data and confirm intent before writing. - Authentication and credential rotation handled automatically; prompts re-authorization if needed.

Metadata

Slug maverick-monday-mcp

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is Monday mcp?

Search, read, and update Monday.com boards, workspaces, items, updates, and columns via Monday.com's hosted MCP server (https://mcp.monday.com/mcp). Use when... It is an AI Agent Skill for Claude Code / OpenClaw, with 42 downloads so far.

How do I install Monday mcp?

Run "/install maverick-monday-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Monday mcp free?

Yes, Monday mcp is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Monday mcp support?

Monday mcp is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Monday mcp?

It is built and maintained by Maverick (@maverick); the current version is v1.0.0.

More Skills