ManyChat
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: manychat Version: 1.0.3 The ManyChat skill bundle provides a standard integration for managing ManyChat subscribers and automation via a proxy service (api.maton.ai). The SKILL.md file contains legitimate API documentation, Python code snippets for common operations, and clear instructions for the AI agent, including a security requirement for user approval on write operations. No evidence of malicious intent, data exfiltration, or unauthorized execution was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, actions could change subscriber data, tags, custom fields, or send messages from the connected ManyChat account.
The skill exposes operations that can change a ManyChat account or send messages, while also disclosing that writes require explicit approval.
Manage subscribers, tags, custom fields, flows, and send messages through chat automation. ... **All write operations require explicit user approval.**
Before any write or message send, require a clear preview of the target account, recipients, IDs, content, and intended effect.
Anyone or any agent with those credentials could potentially access or modify the connected ManyChat resources allowed by the integration.
The skill requires a Maton API key and a connected ManyChat API key, which grants delegated access to the user's ManyChat account.
All requests require the Maton API key in the Authorization header ... Complete the connection by providing your ManyChat API key through the connection URL.
Store MATON_API_KEY securely, avoid sharing connection URLs or API keys, use the least-privileged ManyChat credentials available, and revoke connections that are no longer needed.
Subscriber data, page data, and message content used with this skill may transit the Maton service.
ManyChat API requests, responses, and related subscriber or message data are routed through Maton's gateway rather than going directly from the user to ManyChat.
Maton proxies requests to `api.manychat.com` and automatically injects your API token.
Use this skill only if you trust Maton as an authentication proxy, and avoid sending unnecessary personal or sensitive subscriber data through the integration.