Instantly
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent could create, update, activate, pause, or delete outreach resources in the connected Instantly account.
The skill exposes account-changing API operations for campaigns and leads, including email outreach actions; the requirement for explicit approval helps keep this purpose-aligned.
Create campaigns, manage leads, send emails, or view analytics... All write operations require explicit user approval.
Only approve write actions after checking the target account, campaign or lead list, and the intended effect.
Anyone or any agent process with this key may be able to access the connected service according to the granted permissions.
The skill requires a sensitive API key that authorizes access through Maton to the user's connected Instantly account.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store the MATON_API_KEY securely, avoid sharing logs containing it, and revoke or rotate it if it may have been exposed.
Campaign, lead, account, and analytics data may be routed through Maton's API gateway as part of normal use.
Requests and account data pass through the Maton gateway before reaching Instantly, creating a third-party data boundary users should understand.
Maton proxies requests to `api.instantly.ai` and automatically injects your API key.
Use this only if you trust Maton with the relevant Instantly account data, and use the Maton-Connection header when multiple accounts exist.