ClickFunnels

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill

Name: clickfunnels

Version: 1.0.3

The ClickFunnels skill provides a standard API integration using the maton.ai proxy service for managed OAuth. The SKILL.md file contains transparent Python and JavaScript examples for interacting with ClickFunnels resources (contacts, orders, etc.) via HTTPS requests to api.maton.ai. It explicitly requires user approval for write operations and shows no signs of data exfiltration, malicious execution, or prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent using this key can access the ClickFunnels resources available through the connected account.

Why it was flagged

The skill requires a Maton API key that grants delegated access to the connected ClickFunnels account.

Skill content

All requests require the Maton API key in the Authorization header ... Authorization: Bearer $MATON_API_KEY

Recommendation

Keep MATON_API_KEY private, use the intended Maton connection when multiple accounts exist, and revoke the key or OAuth connection when access is no longer needed.

What this means

Approved write actions could change customer records, products, orders, courses, forms, or webhook automation in ClickFunnels.

Why it was flagged

The skill exposes operations that can change important business data, but the artifact also explicitly requires user approval before writes.

Skill content

Manage contacts, products, orders, courses, forms, webhooks ... All write operations require explicit user approval.

Recommendation

Before approving any create, update, or delete action, verify the target workspace/account, resource ID, and exact intended effect.

What this means

ClickFunnels customer, order, product, and automation data may be handled through Maton's proxy service.

Why it was flagged

Requests to ClickFunnels are routed through the Maton gateway, so ClickFunnels API requests and responses pass through a third-party service.

Skill content

Maton proxies requests to `{subdomain}.myclickfunnels.com` and automatically injects your OAuth token.

Recommendation

Use this only if you trust Maton to broker the OAuth connection and handle ClickFunnels data appropriately.

What this means

Users have less provenance information to confirm the publisher or service relationship before granting API access.

Why it was flagged

The registry metadata does not provide an external source or homepage for independent verification, though the skill is instruction-only and does not install code.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the Maton and ClickFunnels connection flow independently before providing credentials or approving account changes.