MailerLite

Pass

Audited by ClawScan on May 1, 2026.

Overview

This appears to be a coherent MailerLite integration, but it uses a Maton API key and OAuth proxy that can read and change MailerLite account data.

Install this only if you trust Maton and want an agent to operate your MailerLite account. Keep MATON_API_KEY private, select the correct MailerLite connection when multiple accounts exist, and carefully approve each write, delete, campaign, automation, or webhook change before it is executed.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the configured key through this skill may be able to read or modify MailerLite resources allowed by the OAuth connection.

Why it was flagged

The skill requires a bearer API key that gives delegated access to the user's connected MailerLite account.

Skill content

All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`

Recommendation

Keep MATON_API_KEY secret, use the intended MailerLite connection, and revoke the connection or key when it is no longer needed.

What this means

If the user approves the wrong action, the agent could add, update, delete, or otherwise change subscribers and related MailerLite account resources.

Why it was flagged

The skill exposes high-impact write operations for MailerLite resources, while also documenting an approval requirement.

Skill content

All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.

Recommendation

Review every write, delete, campaign, automation, webhook, or bulk-contact action before approval, including the exact account, resource IDs, and intended effect.

What this means

Subscriber, campaign, and account data may be processed through Maton's API proxy as part of normal operation.

Why it was flagged

Requests and responses pass through the Maton gateway, which becomes a trust boundary for OAuth-mediated MailerLite access.

Skill content

Maton proxies requests to `connect.mailerlite.com` and automatically injects your OAuth token.

Recommendation

Use this skill only if you trust Maton with the relevant MailerLite data, and review Maton's connection and privacy controls.

What this means

Users have less registry-provided information to verify the publisher and service before granting credentialed access.

Why it was flagged

The registry metadata does not provide an external source repository or homepage for independent provenance review.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and Maton service independently before configuring MATON_API_KEY or connecting a MailerLite account.