Brevo

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a disclosed Brevo integration, but it gives the agent sensitive Brevo account access through Maton and can perform user-approved email/contact actions.

Before installing, confirm you trust Maton as the OAuth/API gateway, keep MATON_API_KEY secret, verify the correct Brevo connection is used, and approve only specific write or send actions after checking recipients and affected resources.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using this skill with the key can access Brevo account data and potentially perform actions within the connected Brevo account.

Why it was flagged

The skill requires a sensitive Maton API key that delegates access to the user's connected Brevo account.

Skill content

Requires network access and valid Maton API key.

Recommendation

Use a dedicated Maton/Brevo connection where possible, keep MATON_API_KEY private, and revoke the connection if it is no longer needed.

What this means

If approved, the agent may create or modify contacts, lists, campaigns, templates, or related Brevo resources.

Why it was flagged

The skill exposes high-impact Brevo API operations, but it clearly requires confirmation before mutations.

Skill content

All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.

Recommendation

Review every proposed write/send action carefully, including recipients, target list, connection ID, and expected effect.

What this means

Brevo request data flows through a third-party proxy, so the user must trust Maton with the connection and API traffic.

Why it was flagged

Brevo API requests and delegated OAuth handling pass through the Maton gateway, which is central to the skill's design and is disclosed.

Skill content

Maton proxies requests to `api.brevo.com` and automatically injects your OAuth token.

Recommendation

Only use this with a Maton account and Brevo connection you trust, and include the `Maton-Connection` header when multiple accounts are available.