Systeme.io

Pass

Audited by ClawScan on May 1, 2026.

Overview

This is a disclosed Systeme.io API integration, but it can access and change business account data, so writes and account connections should be reviewed carefully.

Install only if you intend to let the agent manage your Systeme.io account through Maton. Confirm the connected account, keep `MATON_API_KEY` private, require explicit confirmation for all create/update/delete or subscription actions, and revoke connections when no longer needed.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If approved or used incorrectly, the agent could change or delete Systeme.io contacts, tags, memberships, courses, communities, or subscriptions.

Why it was flagged

The skill documents API operations that can create, update, and delete account resources, while also requiring explicit approval for writes. This is purpose-aligned but high-impact enough for users to notice.

Skill content

"Create Contact" ... "Update Contact" ... "Delete Contact" ... "All write operations require explicit user approval."

Recommendation

Before any write or delete call, verify the Maton connection, target resource ID, and intended effect; use extra care for deletions or subscription-related changes.

What this means

Anyone or any agent process with the API key and authorized connection could access the connected Systeme.io account within the documented scope.

Why it was flagged

The skill requires a Maton API key and OAuth authorization to act on a connected Systeme.io account. This is expected for the integration, but it is delegated account authority.

Skill content

"All requests require the Maton API key in the Authorization header" and "Open the returned `url` in a browser to complete OAuth authorization."

Recommendation

Store `MATON_API_KEY` only in trusted environments, revoke unused Maton/Systeme.io connections, and use the `Maton-Connection` header when multiple accounts exist.

What this means

Systeme.io request and response data may transit Maton's service as part of the integration.

Why it was flagged

Requests to Systeme.io are routed through Maton's gateway, so account data and authorization handling pass through a third-party proxy. This is disclosed and central to managed OAuth, but it is a sensitive data-flow boundary.

Skill content

"https://api.maton.ai/systeme/{native-api-path}" and "Maton proxies requests to `api.systeme.io` and automatically injects your API key."

Recommendation

Use this skill only if you trust Maton as the OAuth/API gateway, and avoid sending unnecessary sensitive customer or subscription data through broad requests.