Brevo
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: brevo-api Version: 1.0.3 The skill provides a legitimate integration with the Brevo API using a managed OAuth proxy service (api.maton.ai). All code snippets in SKILL.md are standard Python and JavaScript implementations for interacting with REST APIs, and the documentation includes explicit safety instructions requiring user approval for write operations. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone using this skill with the key can access Brevo account data and potentially perform actions within the connected Brevo account.
The skill requires a sensitive Maton API key that delegates access to the user's connected Brevo account.
Requires network access and valid Maton API key.
Use a dedicated Maton/Brevo connection where possible, keep MATON_API_KEY private, and revoke the connection if it is no longer needed.
If approved, the agent may create or modify contacts, lists, campaigns, templates, or related Brevo resources.
The skill exposes high-impact Brevo API operations, but it clearly requires confirmation before mutations.
All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Review every proposed write/send action carefully, including recipients, target list, connection ID, and expected effect.
Brevo request data flows through a third-party proxy, so the user must trust Maton with the connection and API traffic.
Brevo API requests and delegated OAuth handling pass through the Maton gateway, which is central to the skill's design and is disclosed.
Maton proxies requests to `api.brevo.com` and automatically injects your OAuth token.
Only use this with a Maton account and Brevo connection you trust, and include the `Maton-Connection` header when multiple accounts are available.