Constant Contact
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: constant-contact Version: 1.0.5 The skill provides a legitimate integration for Constant Contact via the Maton API gateway (api.maton.ai). The SKILL.md file contains comprehensive documentation and safety instructions that explicitly direct the AI agent to require user approval for all write operations and to default to read-only actions. The provided Python code examples are standard API interactions using built-in libraries, and there is no evidence of malicious intent, data exfiltration, or unauthorized execution.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong account, contact list, campaign, or bulk target is approved, marketing data could be changed or deleted, or emails could be sent to external recipients.
The skill exposes high-impact write and bulk API actions, but it also states that these actions require explicit user approval with specific identifiers.
it can read, create, update, delete, and bulk-modify contacts, email campaigns, contact lists, tags, custom fields, segments, and marketing analytics. All write operations ... require explicit user approval
Use read-only checks first, verify resource IDs and account connection, preview campaigns, and approve write or send actions only when the exact impact is clear.
Anyone or any agent action using this key may be able to access or modify the connected Constant Contact account within the granted scope.
The integration requires a Maton API key that authorizes access to the user's managed Constant Contact connection.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Install only if you trust the Maton-managed OAuth flow, protect the MATON_API_KEY, use the intended connection ID, and revoke unused connections promptly.
Contact, campaign, analytics, and account data may pass through the Maton proxy while interacting with Constant Contact.
Constant Contact API traffic and OAuth delegation are routed through the Maton gateway, which is disclosed and central to the managed OAuth design.
Maton proxies requests to `api.cc.email/v3` and automatically injects your OAuth token.
Confirm you trust the Maton gateway for this account, avoid sending unnecessary sensitive data, and include the Maton-Connection header when multiple accounts exist.