fal.ai

Security checks across malware telemetry and agentic risk

Overview

This appears to be a coherent instruction-only fal.ai gateway skill, but it requires Maton/fal.ai credential access and sends model requests through Maton’s external gateway.

This skill looks purpose-aligned, but install it only if you trust Maton’s gateway and credential-management flow. Keep your Maton API key and any returned connection/session URLs private, and review any state-changing actions such as creating, deleting, or canceling connections before the agent performs them.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

The skill can act through your Maton-authenticated account connection to run fal.ai model requests and manage that connection.

Why it was flagged

The skill requires a Maton bearer token and also guides the user to connect a fal.ai API key through a Maton-managed connection flow.

Skill content

All requests require the Maton API key in the Authorization header ... Authorization: Bearer $MATON_API_KEY ... Open the returned `url` in a browser to enter your fal.ai API key.

Recommendation

Install only if you trust Maton to broker fal.ai access, keep MATON_API_KEY private, and treat connection URLs or session tokens as sensitive.

ASI02: Tool Misuse and Exploitation
Low
What this means

If used unintentionally, these API calls could remove or change the configured fal.ai connection.

Why it was flagged

The documentation includes direct API examples that can mutate connection state, such as deleting a Maton fal.ai connection.

Skill content

### Delete Connection ... Request('https://ctrl.maton.ai/connections/{connection_id}', method='DELETE')

Recommendation

Confirm any create, delete, cancel, or other state-changing API action before allowing the agent to run it.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Prompts, media inputs, and request metadata may be processed by external Maton and fal.ai services.

Why it was flagged

The skill clearly routes requests through Maton’s gateway to fal.ai, so user prompts and model inputs leave the local environment.

Skill content

Base URL ... https://gateway.maton.ai/fal-ai/{native-api-path} ... The gateway proxies requests to `queue.fal.run`.

Recommendation

Avoid sending sensitive prompts, audio, images, or other private media unless you are comfortable with those external service boundaries.