CompanyCam
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent using this key may be able to access the connected CompanyCam account according to the connection's permissions.
The skill requires a bearer API key that grants delegated access to the user's Maton-managed CompanyCam connection.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the Maton API key securely, connect only the intended CompanyCam account, and revoke or rotate the key if it is no longer needed.
If approved incorrectly, the agent could create, modify, or delete CompanyCam users or business records.
The API reference includes high-impact write and delete operations, but the skill also includes a clear approval requirement before executing them.
Create User ... Update User ... Delete User ... All write operations require explicit user approval.
Before approving any write or delete action, verify the target account, resource ID, and expected effect.
CompanyCam request and response data may pass through Maton as part of the integration.
CompanyCam API traffic is intentionally routed through the Maton gateway, which handles the OAuth token on the user's behalf.
Maton proxies requests to `api.companycam.com/v2` and automatically injects your OAuth token.
Use this skill only if you trust Maton to handle CompanyCam OAuth access and API traffic for your account.