WooCommerce
Security checks across malware telemetry and agentic risk
Overview
This is a disclosed WooCommerce API connector, but it can access and change real store data through Maton, so users should connect only accounts they intend to manage.
Before installing, confirm you trust Maton and the skill publisher, keep MATON_API_KEY private, specify the intended WooCommerce connection when multiple stores are linked, and only approve create, update, delete, or webhook actions after checking their exact business impact.
VirusTotal
65/65 vendors flagged this skill as clean.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent action using this key may be able to access connected WooCommerce store data and perform authorized operations.
The skill requires a bearer API key that delegates access to the user's Maton-managed WooCommerce connection.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY
Store MATON_API_KEY securely, connect only the intended WooCommerce store, use least-privilege access where available, and revoke the key or connection when no longer needed.
Approved write actions could change products, orders, customers, coupons, shipping, taxes, reports, webhooks, or connection state in the store.
The skill exposes create, update, and delete authority over WooCommerce resources, but it also clearly requires user confirmation before mutations.
All write operations require explicit user approval. Before executing any create, update, or delete call, confirm the target resource and intended effect with the user.
Review every proposed write or delete action, confirm the exact resource and effect, and avoid approving bulk or irreversible changes unless intended.
Store data, order details, customer information, and requested operations may pass through Maton's API service.
The integration routes WooCommerce API requests and responses through the Maton provider, which is a disclosed third-party data boundary.
Maton proxies requests to your WooCommerce store and automatically handles authentication.
Use this only if you trust Maton with the connected store data, and avoid sending unnecessary sensitive information through the integration.
Users have less registry-level provenance information to verify before granting access to an e-commerce account.
The registry context does not provide a source repository or homepage for independent provenance review, even though the skill asks users to trust a credentialed third-party integration.
Source: unknown; Homepage: none
Verify the publisher and Maton service independently before connecting production WooCommerce stores or sharing credentials.