YouTube Analytics
AdvisoryAudited by Static analysis on May 7, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent with the Maton API key could access YouTube Analytics data, and possibly manage analytics groups, for the connected account within the granted scopes.
The skill requires a sensitive Maton API key and a connected Google/YouTube Analytics account, so requests can be made using the user's delegated account access.
All requests require the Maton API key in the Authorization header: Authorization: Bearer $MATON_API_KEY ... Access is scoped to the YouTube channel(s) associated with the connected Google account.
Use a trusted Maton account, keep MATON_API_KEY private, confirm OAuth scopes during connection setup, and revoke the connection or rotate the key if access is no longer needed.
Private channel metrics, revenue-related report queries, and account connection details may be visible to or processed by Maton's service.
YouTube Analytics requests and responses pass through Maton's gateway, which is expected for this integration but creates a third-party data boundary for private analytics and revenue data.
Maton proxies requests to `youtubeanalytics.googleapis.com` and automatically injects your OAuth token.
Install only if you trust Maton to handle YouTube Analytics data and OAuth connections; avoid querying unnecessary sensitive reports and review Maton's privacy/security terms.
If approved incorrectly, the agent could create, change, or delete analytics groups used for reporting.
The skill includes operations that can mutate YouTube Analytics groups or group items, but the artifact clearly instructs the agent to get explicit approval first.
Group management operations (create, update, delete) require explicit user approval. Before executing any group or group item modification, confirm the target resource and intended effect with the user.
Review the exact group, group item, and intended effect before approving any write operation; use read-only report queries unless group management is needed.