ActiveCampaign
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: active-campaign Version: 1.0.7 The active-campaign skill is a legitimate integration for the ActiveCampaign API, utilizing a managed OAuth proxy service at api.maton.ai. The SKILL.md file provides standard documentation and Python examples using urllib.request to manage contacts, deals, and campaigns. It includes explicit instructions for the agent to seek user approval for write operations and shows no signs of data exfiltration, malicious execution, or prompt injection.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the assistant can make real changes to contacts, deals, lists, automations, or campaigns in the connected ActiveCampaign account.
The skill can perform create, update, and delete operations on CRM and marketing resources, but it discloses this and requires approval before writes.
Use this skill when users want to manage contacts, deals, tags, lists, automations, or campaigns in ActiveCampaign. ... All write operations require explicit user approval.
Before approving any write, confirm the account, resource ID, exact change, and whether the change is reversible.
Anyone or any agent with the Maton API key may be able to access the connected ActiveCampaign integration according to the key's permissions.
The integration depends on a Maton API key and delegated OAuth access to an ActiveCampaign account.
All requests require the Maton API key in the Authorization header ... Maton proxies requests to `{account}.api-us1.com` and automatically injects your OAuth token.Keep MATON_API_KEY private, use only trusted environments, and revoke unused Maton or ActiveCampaign connections.
ActiveCampaign request and response data may pass through Maton's service as part of the managed OAuth flow.
Requests to ActiveCampaign are routed through Maton's API gateway rather than directly to ActiveCampaign.
Base URL https://api.maton.ai/active-campaign/{native-api-path} ... Maton proxies requests to `{account}.api-us1.com`Use this only if you trust Maton to handle the relevant CRM and marketing data, and avoid sending unnecessary sensitive information.