Chargebee
Advisory
Audited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could create, update, cancel, or delete billing-related records after user approval.
The skill exposes write-capable billing API operations; this is aligned with Chargebee administration, but mistakes could affect real customer billing records.
This integration can mutate billing data — approve only specific write actions after checking the exact endpoint, account, resource ID, and consequence.
Use read-only actions first, verify the endpoint, account, resource ID, and financial consequence, and only approve specific write actions.
Anyone with the API key or an over-privileged connection could access or change Chargebee data within the connected account's permissions.
The skill requires a sensitive API key that delegates access through Maton to the connected Chargebee account.
All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`
Use a least-privilege Chargebee connection, keep the MATON_API_KEY private, rotate it if exposed, and revoke unused connections promptly.
Customer, subscription, and invoice data may transit through Maton's service when the integration is used.
Chargebee API requests and responses pass through the Maton gateway, which is disclosed and purpose-aligned but creates a third-party data boundary for billing data.
The gateway proxies requests to `{subdomain}.chargebee.com` ... and injects authentication.
Install only if you trust Maton for Chargebee billing access, review its privacy/security posture, and avoid sending unnecessary sensitive data.
