Gmail 1.0.6

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_resource_identifier

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If an agent uses this skill too broadly, it could send messages or alter a mailbox in ways the user did not intend.

Why it was flagged

The documented endpoints let an agent send email, trash messages, and send drafts. These are high-impact Gmail account actions, and the artifacts do not include explicit user-confirmation or containment guidance.

Skill content

POST /google-mail/gmail/v1/users/me/messages/send ... POST /google-mail/gmail/v1/users/me/messages/{messageId}/trash ... POST /google-mail/gmail/v1/users/me/drafts/send

Recommendation

Require explicit user approval before sending, trashing, deleting, or changing mailbox state; prefer draft creation or read-only/metadata operations unless the user clearly requests a write action.

What this means

A user or agent might copy the fixed connection ID and try to use the wrong Gmail connection; the skill also exposes an account-resource identifier that should not appear in a public template.

Why it was flagged

The skill includes a concrete connection identifier in both a sample response and a request header example, rather than using a placeholder.

Skill content

"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80" ... req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')

Recommendation

Replace the hard-coded UUID with a placeholder such as {connection_id}, and document that users should list and select only their own active connection.

What this means

Email contents, metadata, and mailbox actions may pass through a third-party gateway before reaching Gmail.

Why it was flagged

Gmail API traffic and delegated OAuth use are routed through Maton’s gateway, which is expected for this skill but important for users to understand.

Skill content

The gateway proxies requests to `gmail.googleapis.com` and automatically injects your OAuth token.

Recommendation

Use this only if you trust Maton with Gmail API proxying, and connect only the Google account intended for agent access.

What this means

Users have less independent context for verifying who maintains the skill and whether the Maton endpoints are the intended provider.

Why it was flagged

The registry provides no source repository or homepage, which limits provenance verification for a credential- and email-account integration.

Skill content

Source: unknown; Homepage: none

Recommendation

Verify the publisher and Maton service relationship before providing MATON_API_KEY or authorizing Gmail OAuth access.

Findings (1)

critical

suspicious.exposed_resource_identifier

Location

SKILL.md:103

Finding

Example code exposes a concrete connection_id instead of a placeholder.