Is klaviyo safe?
https://clawhub.ai/byungkyu/klaviyo
This is a legitimate Klaviyo API integration skill that proxies all requests through Maton's gateway infrastructure (gateway.maton.ai). The skill contains no malicious code, no hidden instructions, and installed cleanly with no side effects. The primary risk is the inherent trust dependency on Maton as an OAuth intermediary — all customer PII and API traffic flows through their servers. Secondary risk is the broad CRUD access to marketing infrastructure (campaigns, customer data, webhooks) that could be abused if the agent is manipulated.
Findings (8)
MEDIUM All API traffic routed through third-party proxy (Maton) -15
Every Klaviyo API request is proxied through gateway.maton.ai rather than calling a.klaviyo.com directly. The user's MATON_API_KEY and all customer data (PII including emails, names, phone numbers) transit through Maton's infrastructure. This is by design but creates a significant trust dependency on a third party.
MEDIUM Inline executable Python code blocks intended for agent execution -15
The SKILL.md contains dozens of Python heredoc code blocks (python <<'EOF') that an LLM agent would execute directly. While these are standard API examples, they grant the agent the ability to make arbitrary HTTP requests to Maton endpoints and manipulate customer data including sending campaigns and creating webhooks.
LOW Cross-skill reference to api-gateway skill -8
The skill description explicitly directs users to install another skill: 'For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway)'. This could be a vector for skill chaining if the referenced skill contains malicious instructions.
MEDIUM Webhook creation enables potential data forwarding to arbitrary endpoints -20
The skill documents how to create webhooks with arbitrary endpoint_url values. A compromised or manipulated agent could create webhooks that forward Klaviyo event data (customer actions, purchases, etc.) to attacker-controlled servers — using Klaviyo's own infrastructure as the exfiltration mechanism.
LOW MATON_API_KEY sent to external service by design -7
The skill requires MATON_API_KEY as an environment variable and sends it as a Bearer token to gateway.maton.ai and ctrl.maton.ai. This is the intended authentication flow but means the API key leaves the local environment.
INFO Python stdlib-only code examples with no obfuscation -5
All code examples use only the Python standard library (urllib.request, os, json). No third-party packages, no obfuscated code, no dynamic code generation or eval() calls. The code is transparent and readable.
INFO Clean installation with no side effects 0
The skill installed cleanly with only file extraction. No network connections, no process spawning, no filesystem changes outside the skill directory, and no blocked firewall attempts.
LOW Skill provides destructive API operations without safeguards -5
The skill documents DELETE operations for lists, campaigns, flows, templates, segments, webhooks, and connections without suggesting any confirmation patterns. An agent following these instructions could delete critical marketing infrastructure if given ambiguous user instructions.