CallRail
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: callrail Version: 1.0.2 The skill provides a standard integration for the CallRail API using a managed OAuth proxy service (api.maton.ai). The provided Python snippets in SKILL.md use standard libraries to interact with the API and manage connections, requiring a MATON_API_KEY environment variable. No evidence of data exfiltration, malicious execution, or prompt injection was found; the instructions explicitly emphasize user approval for write operations.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent action using this key may be able to access the connected CallRail account within the granted permissions.
The skill requires a bearer API key that authorizes access to a managed CallRail OAuth connection.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the Maton API key securely, connect only the intended CallRail account, and revoke the key or OAuth connection when it is no longer needed.
If approved incorrectly, the agent could change or delete CallRail resources such as connections, companies, trackers, or tags.
The skill supports write/delete actions against CallRail resources, but it documents an approval requirement before those actions.
All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Review every proposed write or delete action, confirm the account/resource ID, and avoid approving broad or unclear changes.
CallRail request and response data may pass through Maton, including potentially sensitive call/account information.
CallRail API traffic and OAuth token handling are routed through the Maton service rather than directly to CallRail.
Maton proxies requests to `api.callrail.com` and automatically injects your OAuth token.
Install only if you trust Maton as the OAuth/API proxy and are comfortable routing CallRail data through that service.