MailerLite

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: mailerlite
Version: 1.0.3

The mailerlite skill provides a standard integration for managing MailerLite resources via the Maton API gateway (api.maton.ai). The SKILL.md file contains legitimate API documentation and Python code snippets for interacting with subscribers, campaigns, and OAuth connections using the MATON_API_KEY. No evidence of data exfiltration, malicious execution, or prompt injection was found; the skill's behavior is consistent with its stated purpose of providing managed API access.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone using the configured key through this skill may be able to read or modify MailerLite resources allowed by the OAuth connection.

Why it was flagged

The skill requires a bearer API key that gives delegated access to the user's connected MailerLite account.

Skill content

All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`

Recommendation

Keep MATON_API_KEY secret, use the intended MailerLite connection, and revoke the connection or key when it is no longer needed.

What this means

If the user approves the wrong action, the agent could add, update, delete, or otherwise change subscribers and related MailerLite account resources.

Why it was flagged

The skill exposes high-impact write operations for MailerLite resources, while also documenting an approval requirement.

Skill content

All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.

Recommendation

Review every write, delete, campaign, automation, webhook, or bulk-contact action before approval, including the exact account, resource IDs, and intended effect.

What this means

Subscriber, campaign, and account data may be processed through Maton's API proxy as part of normal operation.

Why it was flagged

Requests and responses pass through the Maton gateway, which becomes a trust boundary for OAuth-mediated MailerLite access.

Skill content

Maton proxies requests to `connect.mailerlite.com` and automatically injects your OAuth token.

Recommendation

Use this skill only if you trust Maton with the relevant MailerLite data, and review Maton's connection and privacy controls.

What this means

Users have less registry-provided information to verify the publisher and service before granting credentialed access.

Why it was flagged

The registry metadata does not provide an external source repository or homepage for independent provenance review.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and Maton service independently before configuring MATON_API_KEY or connecting a MailerLite account.