SendGrid

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: sendgrid
Version: 1.0.1

The 'sendgrid' skill provides a standard integration for the SendGrid API, utilizing a proxy service at 'api.maton.ai' to manage OAuth authentication. The SKILL.md file contains legitimate Python examples using 'urllib' to interact with email, contact, and template endpoints, and it correctly identifies the need for a 'MATON_API_KEY' environment variable. No evidence of data exfiltration, malicious execution, or harmful prompt injection was found; the skill's behavior is entirely consistent with its stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved incorrectly, the agent could send unwanted emails or change SendGrid resources such as contacts, templates, or suppressions.

Why it was flagged

The skill enables high-impact SendGrid write actions, including email sending and account data changes, but it explicitly frames these as requiring user approval.

Skill content

Send transactional and marketing emails, manage contacts, templates, suppressions... All write operations require explicit user approval.

Recommendation

Before approving any write action, verify the SendGrid connection, recipients, sender identity, content, target resource, and intended effect.

What this means

Anyone or any agent action using the key may be able to act through the connected SendGrid account within the granted permissions.

Why it was flagged

The skill depends on a Maton API key and a delegated SendGrid OAuth connection, giving the agent access to the connected SendGrid account through Maton.

Skill content

Authorization: Bearer $MATON_API_KEY ... Maton proxies requests to `api.sendgrid.com` and automatically injects your OAuth token.

Recommendation

Protect the MATON_API_KEY, use the least-privileged SendGrid account/connection available, specify the intended connection when multiple accounts exist, and revoke unused connections.

What this means

Email content and contact/account data may pass through both Maton and SendGrid when the skill is used.

Why it was flagged

SendGrid requests and responses, potentially including email content, contacts, account details, and statistics, flow through the Maton API gateway before reaching SendGrid.

Skill content

Base URL: https://api.maton.ai/sendgrid/{native-api-path} ... Maton proxies requests to `api.sendgrid.com`

Recommendation

Only send necessary data through the gateway, verify that you trust Maton for the connected account, and avoid including unnecessary sensitive information in email/API payloads.