ClawHub

ActiveCampaign

v1.0.6

ActiveCampaign API integration with managed OAuth. Marketing automation, CRM, contacts, deals, and email campaigns. Use this skill when users want to manage...

3· 3.7k·0 current·0 all-time
by@byungkyu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name and description match the behavior in SKILL.md: all API examples call Maton endpoints (gateway.maton.ai and ctrl.maton.ai) to manage ActiveCampaign resources via managed OAuth. Requesting a MATON_API_KEY is coherent with a gateway/proxy design.
Instruction Scope
Instructions are limited to making HTTP requests to Maton endpoints and using the MATON_API_KEY from environment. They do not instruct reading other system files or unrelated env vars. Note: all requests and OAuth flows are routed through maton.ai domains rather than directly to ActiveCampaign; this is expected but worth auditing because data and OAuth tokens transit a third-party service.
Install Mechanism
Instruction-only skill with no install spec or code files; nothing is written to disk by an installer. This is low-risk from an installation perspective.
Credentials
Only one env var (MATON_API_KEY) is required, which is proportional to the gateway-based design. However, that single key grants the Maton gateway the ability to act on your ActiveCampaign account(s), so protecting and limiting this key is important.
Persistence & Privilege
The skill is not always-enabled and does not request special system persistence. Model invocation is allowed (normal default), so the agent can call the skill autonomously — expected behavior for an integration but something to be aware of because actions will be executed via the external gateway.
Assessment
This skill proxies ActiveCampaign API calls via maton.ai and requires you to set MATON_API_KEY in the environment. Before installing: (1) confirm you trust maton.ai (review their privacy, security practices, and terms), because the gateway will see API requests and tokens; (2) limit where you store MATON_API_KEY (avoid putting it in shared or public environments) and rotate it if compromised; (3) prefer direct ActiveCampaign OAuth if you require minimal third‑party exposure; (4) verify connections and authorizations at https://ctrl.maton.ai and remove unused connections; (5) be aware the agent can invoke the skill autonomously, so review logs and actions performed in your ActiveCampaign account after enabling the skill. If you need higher assurance, request a version that calls ActiveCampaign directly (using official API keys/OAuth) rather than routing via a third party.

Like a lobster shell, security has layers — review code before you run it.

latestvk972d0apxddfg9z08j5h2b8ee581e72g

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🧠 Clawdis
EnvMATON_API_KEY

Comments