Squarespace
Pass
Audited by ClawScan on May 1, 2026.
Overview
This is a coherent Squarespace commerce integration, but it delegates store access through Maton and can read or change sensitive business data if authorized.
Install this only if you trust Maton to mediate Squarespace OAuth access and you want the agent to help manage commerce data. Use the correct Maton connection ID, protect the API key, and require careful confirmation before any inventory, product, order, customer, or transaction change.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with this key could use the connected Squarespace commerce access allowed by the OAuth connection.
The skill requires a Maton API key that authorizes access to the connected Squarespace account.
All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`
Keep MATON_API_KEY private, verify the connected Squarespace account before use, and revoke or rotate keys and OAuth connections when no longer needed.

Incorrectly approved requests could alter store inventory, products, orders, customer profiles, or transaction-related records.
The skill can perform commerce write operations, but it documents an approval requirement for mutations.
All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Approve only specific, reviewed write actions and confirm the store connection, resource ID, and intended effect before proceeding.

Store data such as orders, customer profiles, inventory, and transactions may pass through the Maton service.
Squarespace API traffic and OAuth-backed access are mediated by the Maton gateway rather than going directly from the user to Squarespace.
Maton proxies requests to `api.squarespace.com` and automatically injects your OAuth token.
Review Maton's privacy and security posture, use least-privilege OAuth access where available, and avoid sending unnecessary customer or transaction data.
