Constant Contact
Review
Audited by ClawScan on May 1, 2026.
Overview
This is a disclosed Constant Contact integration, but it uses delegated OAuth/API access and can make high-impact marketing changes that users should approve carefully.
Before installing, make sure you need an agent to administer Constant Contact, trust the Maton OAuth gateway, protect the MATON_API_KEY, and require explicit confirmation for any contact deletion, bulk list change, import, or campaign send/schedule action.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong account, contact list, campaign, or bulk target is approved, marketing data could be changed or deleted, or emails could be sent to external recipients.
The skill exposes high-impact write and bulk API actions, but it also states that these actions require explicit user approval with specific identifiers.
it can read, create, update, delete, and bulk-modify contacts, email campaigns, contact lists, tags, custom fields, segments, and marketing analytics. All write operations ... require explicit user approval
Use read-only checks first, verify resource IDs and account connection, preview campaigns, and approve write or send actions only when the exact impact is clear.
Anyone or any agent action using this key may be able to access or modify the connected Constant Contact account within the granted scope.
The integration requires a Maton API key that authorizes access to the user's managed Constant Contact connection.
All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`
Install only if you trust the Maton-managed OAuth flow, protect the MATON_API_KEY, use the intended connection ID, and revoke unused connections promptly.
Contact, campaign, analytics, and account data may pass through the Maton proxy while interacting with Constant Contact.
Constant Contact API traffic and OAuth delegation are routed through the Maton gateway, which is disclosed and central to the managed OAuth design.
Maton proxies requests to `api.cc.email/v3` and automatically injects your OAuth token.
Confirm you trust the Maton gateway for this account, avoid sending unnecessary sensitive data, and include the Maton-Connection header when multiple accounts exist.
