ManyChat
PassAudited by ClawScan on May 1, 2026.
Overview
This is a disclosed ManyChat integration, but it uses sensitive Maton/ManyChat credentials and can manage or message real subscribers.
Install only if you trust Maton and intend to let the agent manage the connected ManyChat account. Keep MATON_API_KEY and connection URLs private, specify the correct connection when you have multiple accounts, and require explicit confirmation before changing tags, custom fields, subscribers, flows, or sending messages.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, actions could change subscriber data, tags, custom fields, or send messages from the connected ManyChat account.
The skill exposes operations that can change a ManyChat account or send messages, while also disclosing that writes require explicit approval.
Manage subscribers, tags, custom fields, flows, and send messages through chat automation. ... **All write operations require explicit user approval.**
Before any write or message send, require a clear preview of the target account, recipients, IDs, content, and intended effect.
Anyone or any agent with those credentials could potentially access or modify the connected ManyChat resources allowed by the integration.
The skill requires a Maton API key and a connected ManyChat API key, which grants delegated access to the user's ManyChat account.
All requests require the Maton API key in the Authorization header ... Complete the connection by providing your ManyChat API key through the connection URL.
Store MATON_API_KEY securely, avoid sharing connection URLs or API keys, use the least-privileged ManyChat credentials available, and revoke connections that are no longer needed.
Subscriber data, page data, and message content used with this skill may transit the Maton service.
ManyChat API requests, responses, and related subscriber or message data are routed through Maton's gateway rather than going directly from the user to ManyChat.
Maton proxies requests to `api.manychat.com` and automatically injects your API token.
Use this skill only if you trust Maton as an authentication proxy, and avoid sending unnecessary personal or sensitive subscriber data through the integration.