ActiveCampaign
PassAudited by ClawScan on May 13, 2026.
Overview
This skill appears purpose-aligned for managing ActiveCampaign through ClawLink, but pairing it grants delegated access that can read and change marketing data.
Before installing, verify the ClawLink plugin and domain, connect only the intended ActiveCampaign account, review any requested permissions, use previews for changes, and only confirm write or bulk marketing actions you are sure about.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken confirmed action could change customer/contact data or marketing workflows.
The skill can perform business-impacting writes in ActiveCampaign, but it also instructs the agent to use previews and obtain confirmation for write, destructive, external-facing, or bulk actions.
Create or update contacts and list memberships ... Handle bulk or customer-facing marketing changes only after confirmation
Review previews carefully, start with read/search operations, and confirm only the specific changes you intend to make.
The connected integration may access or modify ActiveCampaign data according to the permissions granted.
The skill relies on delegated ClawLink and ActiveCampaign access. This is disclosed and purpose-aligned, but it gives the connected tooling authority under the user's account permissions.
ClawLink ... handles hosted connection flows and credentials ... The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to `claw-link.dev`.
Connect only the intended ActiveCampaign account, use least-privileged scopes where available, and revoke the ClawLink connection when it is no longer needed.
Installing the plugin adds external code and tools that will mediate the ActiveCampaign connection.
The skill depends on a separate plugin that is not included in the supplied artifacts. The install is user-directed and central to the purpose, but the plugin should be evaluated separately.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the plugin only from the trusted ClawHub source and review the ClawLink verification/source links before pairing accounts.
ActiveCampaign-related requests and potentially contact or campaign data may pass through ClawLink.
Requests, tool discovery, and credential use are mediated by the external ClawLink gateway. The data flow is disclosed and purpose-aligned, but users should recognize the third-party boundary.
ClawLink provides tools dynamically based on what the user has connected ... The resulting device credential ... is only sent to `claw-link.dev`.
Use the official claw-link.dev domain, review ClawLink's documentation/security posture, and avoid connecting accounts or data you do not want mediated by that service.