SendGrid
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved incorrectly, the agent could send unwanted emails or change SendGrid resources such as contacts, templates, or suppressions.
The skill enables high-impact SendGrid write actions, including email sending and account data changes, but it explicitly frames these as requiring user approval.
Send transactional and marketing emails, manage contacts, templates, suppressions... All write operations require explicit user approval.
Before approving any write action, verify the SendGrid connection, recipients, sender identity, content, target resource, and intended effect.
Anyone or any agent action using the key may be able to act through the connected SendGrid account within the granted permissions.
The skill depends on a Maton API key and a delegated SendGrid OAuth connection, giving the agent access to the connected SendGrid account through Maton.
Authorization: Bearer $MATON_API_KEY ... Maton proxies requests to `api.sendgrid.com` and automatically injects your OAuth token.
Protect the MATON_API_KEY, use the least-privileged SendGrid account/connection available, specify the intended connection when multiple accounts exist, and revoke unused connections.
Email content and contact/account data may pass through both Maton and SendGrid when the skill is used.
SendGrid requests and responses, potentially including email content, contacts, account details, and statistics, flow through the Maton API gateway before reaching SendGrid.
Base URL: https://api.maton.ai/sendgrid/{native-api-path} ... Maton proxies requests to `api.sendgrid.com`Only send necessary data through the gateway, verify that you trust Maton for the connected account, and avoid including unnecessary sensitive information in email/API payloads.