Klaviyo 1.0.4

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_resource_identifier

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill is allowing Maton’s gateway to act on a connected Klaviyo account according to the requests made.

Why it was flagged

The skill requires a Maton API key and uses managed OAuth to access Klaviyo. This is expected for the integration, but it is delegated account access.

Skill content
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Recommendation

Use a trusted Maton account, keep MATON_API_KEY private, and ensure the connected Klaviyo account has only the access needed.

What this means

The agent could help read or change customer profiles, lists, campaigns, flows, catalogs, or webhooks if the user asks it to make those API calls.

Why it was flagged

The skill exposes broad raw API access through a gateway. That is central to the stated purpose, but it can enable sensitive reads and account mutations if used carelessly.

Skill content
Replace `{native-api-path}` with the actual Klaviyo API endpoint path. The gateway proxies requests to `a.klaviyo.com` and automatically injects your OAuth token.
Recommendation

Review requests before write, delete, campaign, webhook, or bulk operations; prefer limited filters and explicit IDs.

What this means

A request could affect the wrong Klaviyo workspace or account if multiple connections are active.

Why it was flagged

When multiple Klaviyo connections exist, omitting the Maton-Connection header may route actions to a default connection rather than the one the user intended.

Skill content
If omitted, the gateway uses the default (oldest) active connection.
Recommendation

List active connections and set the Maton-Connection header explicitly for any important read or mutation.

What this means

Users or agents might copy the sample ID instead of using their own connection ID, causing failed or unintended requests.

Why it was flagged

The documentation uses a concrete-looking connection_id instead of a placeholder. It is not shown to be a secret, but it could be mistaken for a usable ID.

Skill content
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80"
Recommendation

Replace the sample ID with a placeholder in documentation and always use a connection ID returned for the user’s own account.
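As an added example (not the skill's own code and not part of the ClawScan output), the following Python request builder enforces the recommendations from the notes above before anything is sent through the gateway: the API key is read from MATON_API_KEY rather than hardcoded, the Maton-Connection header is mandatory and must match a connection known to be active for this account (never the documentation sample ID, never the silent default), and writes, deletes, and campaign, webhook or bulk paths are refused unless the caller marks them as reviewed. The gateway base URL, the list of active connections, and the Klaviyo API paths are assumptions for illustration; the header names are the ones the skill documents.

```python
import os
import re
from dataclasses import dataclass, field
from typing import Dict, Mapping, Optional

# Assumption: placeholder gateway base URL. The real one comes from the skill's docs.
GATEWAY_BASE = "https://gateway.example.invalid/klaviyo"

# The sample connection_id printed in the skill's documentation. It is a
# placeholder, not an ID issued for any user's account: never send it.
DOC_SAMPLE_CONNECTION_ID = "21fd90f9-5935-43cd-b6c8-bde9d915ca80"

UUID_RE = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")

# Methods that mutate Klaviyo state, plus path fragments the advisory singles
# out for review even on reads (campaign, webhook and bulk operations).
MUTATING_METHODS = {"POST", "PUT", "PATCH", "DELETE"}
SENSITIVE_PATH_RE = re.compile(r"campaign|webhook|bulk", re.IGNORECASE)


class GatewayPolicyError(ValueError):
    """Raised when a request violates one of the advisory's recommendations."""


@dataclass
class GatewayRequest:
    method: str
    url: str
    headers: Dict[str, str] = field(default_factory=dict)


def needs_review(method: str, native_api_path: str) -> bool:
    """True for writes, deletes, and campaign/webhook/bulk paths."""
    return method.upper() in MUTATING_METHODS or bool(SENSITIVE_PATH_RE.search(native_api_path))


def build_request(method: str, native_api_path: str, connection_id: Optional[str],
                  active_connections: Mapping[str, str], api_key: Optional[str] = None,
                  reviewed: bool = False) -> GatewayRequest:
    """Build (but do not send) a gateway request that passes every policy check."""
    method = method.upper()
    key = api_key if api_key is not None else os.environ.get("MATON_API_KEY")
    if not key:
        raise GatewayPolicyError("MATON_API_KEY is not set; export it or pass api_key")
    if not connection_id:
        raise GatewayPolicyError("Maton-Connection is required; refusing to fall back to the default (oldest) connection")
    if connection_id == DOC_SAMPLE_CONNECTION_ID:
        raise GatewayPolicyError("connection_id is the documentation sample, not one issued for this account")
    if not UUID_RE.match(connection_id):
        raise GatewayPolicyError(f"connection_id {connection_id!r} is not a UUID")
    if connection_id not in active_connections:
        raise GatewayPolicyError(f"connection_id {connection_id!r} is not an active connection for this account")
    if "://" in native_api_path or native_api_path.startswith("//"):
        raise GatewayPolicyError("native_api_path must be a Klaviyo API path, not a URL")
    if needs_review(method, native_api_path) and not reviewed:
        raise GatewayPolicyError(f"{method} {native_api_path} needs explicit review (reviewed=True) before sending")
    headers = {
        "Authorization": f"Bearer {key}",      # header documented by the skill
        "Maton-Connection": connection_id,     # header documented by the skill
        "Accept": "application/json",
    }
    return GatewayRequest(method=method, url=f"{GATEWAY_BASE}/{native_api_path.lstrip('/')}", headers=headers)


def rejection_reason(**kwargs) -> Optional[str]:
    """Return the policy error for a request, or None if it would be allowed."""
    try:
        build_request(**kwargs)
        return None
    except GatewayPolicyError as exc:
        return str(exc)


def redacted(req: GatewayRequest) -> Dict[str, str]:
    """Headers safe to log: the bearer token is masked, the connection is kept."""
    out = dict(req.headers)
    out["Authorization"] = "Bearer ***"
    return out


# Constructed sample data: two active connections for one account, keyed by ID
# as a connections listing might return them (the IDs here are made up).
SAMPLE_CONNECTIONS = {
    "7c9e6679-7425-40de-944b-e07fc1f90ae7": "acme-production",
    "3f8a2c1d-0b7e-4e5a-9c2d-1a2b3c4d5e6f": "acme-staging",
}

if __name__ == "__main__":
    staging = "3f8a2c1d-0b7e-4e5a-9c2d-1a2b3c4d5e6f"
    ok = build_request("GET", "/api/profiles", staging, SAMPLE_CONNECTIONS, api_key="example-key")
    print("allowed:", ok.method, ok.url, redacted(ok))
    for kw in (
        dict(method="GET", native_api_path="/api/profiles", connection_id=None,
             active_connections=SAMPLE_CONNECTIONS, api_key="example-key"),
        dict(method="GET", native_api_path="/api/profiles", connection_id=DOC_SAMPLE_CONNECTION_ID,
             active_connections=SAMPLE_CONNECTIONS, api_key="example-key"),
        dict(method="DELETE", native_api_path="/api/webhooks/abc", connection_id=staging,
             active_connections=SAMPLE_CONNECTIONS, api_key="example-key"),
    ):
        print("blocked:", rejection_reason(**kw))
```

The checks run before any network call, so an agent wired through this helper cannot reach the gateway without naming a connection it has verified, and cannot perform a mutation the user has not looked at. In production the active_connections mapping would be populated from a fresh listing of the user's own connections rather than the constructed sample above.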

What this means

Users have less registry-level information to verify the publisher and version before trusting the credentialed gateway.

Why it was flagged

The skill has limited provenance metadata, and the registry version differs from the packaged _meta.json version shown as 1.0.4. There is no executable install code, so this is a trust/provenance note rather than evidence of malicious behavior.

Skill content
Source: unknown; Homepage: none; Registry version: 1.0.0
Recommendation

Verify the Maton service and publisher out-of-band before connecting a production Klaviyo account.

Findings (1)

critical

suspicious.exposed_resource_identifier

Location
SKILL.md:112
Finding
Example code exposes a concrete connection_id instead of a placeholder.