Basecamp
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: basecamp Version: 1.0.3 This skill provides a standard integration for the Basecamp API via a managed OAuth proxy service (api.maton.ai). The SKILL.md file contains well-documented Python snippets for managing projects, to-dos, and team collaboration, using a required MATON_API_KEY for authentication. No evidence of malicious intent, data exfiltration, or unauthorized execution was found; the code and instructions are consistent with the stated purpose of providing a simplified API interface.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could make meaningful changes to Basecamp content such as projects, tasks, messages, schedules, or documents.
The skill can perform broad Basecamp management actions, which may affect business collaboration data. This is purpose-aligned and disclosed.
Manage projects, to-dos, messages, schedules, documents, and team collaboration.
Review and explicitly approve any create, update, or delete action, especially deletes or changes affecting shared projects.
Anyone or any agent with access to the MATON_API_KEY may be able to interact with the connected Basecamp account through Maton.
The skill requires a sensitive API key that delegates access to the user's managed Basecamp OAuth connection.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the API key securely, avoid sharing it in chat or logs, and revoke or rotate it if exposure is suspected.
Basecamp request and response data may pass through Maton as part of the managed OAuth proxy flow.
The integration routes Basecamp API traffic through a third-party gateway that manages OAuth tokens and account IDs.
Maton proxies requests to `3.basecampapi.com/{account_id}/` and automatically injects your OAuth token and account ID.Use this only if you trust Maton to handle the connected Basecamp account data and review Maton's security and privacy practices.