Is mailchimp safe?

https://clawhub.ai/byungkyu/mailchimp

82
SAFE

This is a legitimate Mailchimp API integration skill by Maton that proxies all requests through their OAuth gateway (gateway.maton.ai). The skill contains only documentation with inline code examples — no executable code, install hooks, or suspicious behaviors. The primary consideration is that users must trust Maton as an intermediary for all Mailchimp API traffic and credential handling.

Category Scores

Prompt Injection 78/100 · 30%
Data Exfiltration 75/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (7)

MEDIUM API key sent to third-party proxy (Maton) -15

All Mailchimp API requests are routed through gateway.maton.ai, meaning the user's MATON_API_KEY and all Mailchimp data pass through Maton's infrastructure. While this is the intended OAuth proxy design, users should understand they are trusting Maton with their Mailchimp access.

LOW Cross-skill promotion in description -7

The skill description references another skill URL (https://clawhub.ai/byungkyu/api-gateway) and suggests using it 'for other third party apps'. This could nudge users toward installing a broader-access skill.

LOW Implicit shell execution via code examples -15

The skill contains 20+ inline Python/bash code blocks that the agent would execute directly. While all code is benign API calls, this pattern normalizes the agent executing arbitrary code from skill instructions.

LOW Troubleshooting suggests printing API key -10

The troubleshooting section suggests running 'echo $MATON_API_KEY' which would display the key in terminal output and potentially in logs.

INFO Bulk operation capability -8

The skill documents batch operations that could add thousands of subscribers or send campaigns to large audiences. In a compromised session, this could be abused for spam.

INFO No executable code or install hooks 0

The skill contains only documentation (SKILL.md), metadata, and license. No package.json scripts, no git hooks, no executable files. All code is in markdown examples only.

INFO Clean install with no suspicious activity 0

No network connections during install. No unexpected processes spawned. Filesystem activity limited to standard runtime framework operations. The .aws/credentials access was from the openclaw runtime, not the skill.