Basecamp
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could make meaningful changes to Basecamp content such as projects, tasks, messages, schedules, or documents.
The skill can perform broad Basecamp management actions, which may affect business collaboration data. This is purpose-aligned and disclosed.
Manage projects, to-dos, messages, schedules, documents, and team collaboration.
Review and explicitly approve any create, update, or delete action, especially deletes or changes affecting shared projects.
Anyone or any agent with access to the MATON_API_KEY may be able to interact with the connected Basecamp account through Maton.
The skill requires a sensitive API key that delegates access to the user's managed Basecamp OAuth connection.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the API key securely, avoid sharing it in chat or logs, and revoke or rotate it if exposure is suspected.
Basecamp request and response data may pass through Maton as part of the managed OAuth proxy flow.
The integration routes Basecamp API traffic through a third-party gateway that manages OAuth tokens and account IDs.
Maton proxies requests to `3.basecampapi.com/{account_id}/` and automatically injects your OAuth token and account ID.Use this only if you trust Maton to handle the connected Basecamp account data and review Maton's security and privacy practices.