CompanyCam

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: companycam
Version: 1.0.1

The companycam skill provides a standard integration for the CompanyCam API via the maton.ai proxy service. It uses the MATON_API_KEY for authentication and includes Python snippets for managing projects, photos, and users. The skill documentation in SKILL.md explicitly instructs the agent to seek user approval for write operations, and no evidence of malicious intent, data exfiltration, or unauthorized execution was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent using this key may be able to access the connected CompanyCam account according to the connection's permissions.

Why it was flagged

The skill requires a bearer API key that grants delegated access to the user's Maton-managed CompanyCam connection.

Skill content

All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY

Recommendation

Store the Maton API key securely, connect only the intended CompanyCam account, and revoke or rotate the key if it is no longer needed.

What this means

If approved incorrectly, the agent could create, modify, or delete CompanyCam users or business records.

Why it was flagged

The API reference includes high-impact write and delete operations, but the skill also includes a clear approval requirement before executing them.

Skill content

Create User ... Update User ... Delete User ... All write operations require explicit user approval.

Recommendation

Before approving any write or delete action, verify the target account, resource ID, and expected effect.

What this means

CompanyCam request and response data may pass through Maton as part of the integration.

Why it was flagged

CompanyCam API traffic is intentionally routed through the Maton gateway, which handles the OAuth token on the user's behalf.

Skill content

Maton proxies requests to `api.companycam.com/v2` and automatically injects your OAuth token.

Recommendation

Use this skill only if you trust Maton to handle CompanyCam OAuth access and API traffic for your account.