Is basecamp safe?
https://clawhub.ai/byungkyu/basecamp
The basecamp skill is a Basecamp 4 API integration that routes all traffic through Maton's third-party proxy gateway. It contains no malicious code, no prompt injection attempts, and exhibited clean installation behavior. However, the architectural decision to proxy all Basecamp API traffic through maton.ai means users must trust Maton with their full Basecamp OAuth credentials and data, creating a significant third-party dependency risk.
Findings (7)
MEDIUM All API traffic routed through third-party proxy -30
Every Basecamp API request passes through gateway.maton.ai, which acts as a man-in-the-middle proxy. Maton's servers see the user's full OAuth token, all request/response data, and can log, store, modify, or exfiltrate any Basecamp data. The user must fully trust Maton's infrastructure security and data handling practices.
MEDIUM Bearer token sent to third-party servers -15
The MATON_API_KEY is transmitted as a Bearer token to multiple Maton endpoints (gateway.maton.ai, ctrl.maton.ai). This key effectively grants Maton full access to manage the user's Basecamp connections and data.
MEDIUM Inline Python code blocks executed in user shell -35
The skill contains multiple Python heredoc code blocks that the agent is expected to execute directly via the shell. While these are standard API call patterns, they run with the user's full shell permissions and environment, and access os.environ for credentials.
LOW Cross-skill reference to api-gateway -10
The skill description references another skill by URL ('For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway)'), which could lead users to install additional skills that expand the attack surface or introduce new vulnerabilities.
LOW Skill requests broad network access -20
The skill declares it requires network access in its description. While transparent, this grants the agent permission to make outbound HTTP requests to Maton's servers, which is a broader capability than many skills require.
INFO Third-party trust dependency -50
The entire security model depends on trusting Maton (maton.ai) as an intermediary. Users should verify Maton's privacy policy, data retention practices, and security posture before using this skill. A compromise of Maton's infrastructure would expose all connected Basecamp accounts.
INFO Clean installation behavior -5
Installation produced no unexpected network connections, process executions, or filesystem changes. All observed filesystem events were standard system operations from the host environment.