Squarespace

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: squarespace
Version: 1.0.1

The squarespace skill provides a standard integration for the Squarespace Commerce API via the Maton.ai proxy service. It includes well-documented instructions for managing products, inventory, orders, and customer profiles using the MATON_API_KEY environment variable. The SKILL.md file explicitly instructs the agent to seek user approval for write operations, and the provided Python and JavaScript examples are transparent, non-obfuscated API calls to the stated service (api.maton.ai).

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anyone or any agent with this key could use the connected Squarespace commerce access allowed by the OAuth connection.

Why it was flagged

The skill requires a Maton API key that authorizes access to the connected Squarespace account.

Skill content

All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`

Recommendation

Keep MATON_API_KEY private, verify the connected Squarespace account before use, and revoke or rotate keys and OAuth connections when no longer needed.

What this means

Incorrectly approved requests could alter store inventory, products, orders, customer profiles, or transaction-related records.

Why it was flagged

The skill can perform commerce write operations, but it documents an approval requirement for mutations.

Skill content

All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.

Recommendation

Approve only specific, reviewed write actions and confirm the store connection, resource ID, and intended effect before proceeding.

What this means

Store data such as orders, customer profiles, inventory, and transactions may pass through the Maton service.

Why it was flagged

Squarespace API traffic and OAuth-backed access are mediated by the Maton gateway rather than going directly from the user to Squarespace.

Skill content

Maton proxies requests to `api.squarespace.com` and automatically injects your OAuth token.

Recommendation

Review Maton's privacy and security posture, use least-privilege OAuth access where available, and avoid sending unnecessary customer or transaction data.