Mailchimp
PassAudited by VirusTotal on May 13, 2026.
Overview
Type: OpenClaw Skill Name: mailchimp-marketing Version: 0.1.1 The skill bundle provides instructions for an AI agent to manage Mailchimp via the ClawLink integration service (claw-link.dev). It contains no executable code and focuses on guiding the user through a legitimate OAuth-based pairing process, explicitly instructing the agent not to handle raw credentials and to require user confirmation for destructive actions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The Mailchimp skill will not work alone; users must trust and install the ClawLink plugin for tool execution and credential handling.
The skill depends on a separate plugin that is not included in the scanned artifact set. The install is user-directed and purpose-aligned, but it adds an external dependency users should verify.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install only the expected ClawLink plugin from the intended ClawHub source and review ClawLink documentation before authorizing account access.
Approving the connection may allow ClawLink/OpenClaw tools to read or modify Mailchimp audiences, subscribers, campaigns, and related marketing data according to the granted scopes.
The skill requires delegated Mailchimp account authorization through ClawLink. This is expected for managing Mailchimp, but it grants access to account data and actions.
ClawLink's hosted page runs whichever provider flow is needed (hosted OAuth) — the user clicks through the Mailchimp login and authorization screen.
Review the Mailchimp authorization scopes, use an account with appropriate permissions, and revoke the ClawLink connection when it is no longer needed.
If a user approves the wrong preview or request, the agent could make real changes to subscribers, campaigns, or email operations.
The skill can perform high-impact Mailchimp operations, including external-facing sends or broad audience changes, but it explicitly requires confirmation for these actions.
Ask for confirmation before destructive, external-facing, or bulk write actions.
Carefully review previews and confirmations, especially for sends, imports, deletions, bulk updates, and audience-wide changes.
Mailchimp requests and results may be handled through ClawLink, so subscriber and campaign information could pass through that integration service.
Mailchimp tool discovery and execution are mediated by the ClawLink gateway rather than fully enumerated in the skill. This is disclosed and central to the design, but users should understand that integration data flows through ClawLink.
ClawLink provides tools dynamically based on what the user has connected. You do not need to know tool names or schemas in advance.
Use this skill only if ClawLink is an acceptable intermediary for the Mailchimp data involved, and review ClawLink privacy/security documentation if needed.