Google Apps Script
ReviewAudited by ClawScan on May 7, 2026.
Overview
No deceptive behavior was found; this is a disclosed Google Apps Script integration that can change or run scripts through a connected Google account, so users should approve each sensitive action carefully.
Before installing, make sure you trust Maton with Google Apps Script API access, store MATON_API_KEY securely, verify which Google account is connected, and require explicit confirmation before creating, updating, deploying, or running any script.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If approved, the agent could create, modify, deploy, or run Apps Script code in the connected Google account.
The skill exposes mutating Google Apps Script actions and remote function execution, which can have side effects, but it also instructs the agent to confirm before performing write or execution actions.
Create and manage Apps Script projects, update script content, manage deployments and versions, execute functions remotely... All write operations require explicit user approval.
Approve only specific, understood actions; confirm the target project, deployment, and function before allowing writes or script execution.
Anyone or any agent workflow using the MATON_API_KEY could act through the connected Google Apps Script account within the granted permissions.
The skill relies on a Maton API key and managed Google OAuth, giving delegated access to Apps Script resources for the connected Google account.
All requests require the Maton API key... Maton proxies requests to `script.googleapis.com` and automatically injects your OAuth token.
Keep the MATON_API_KEY secret, connect only the intended Google account, use the Maton-Connection header when multiple accounts exist, and revoke unused connections.
Project metadata, script content, deployment details, and execution responses may be visible to or processed by the Maton service as part of the integration.
Google Apps Script API traffic is routed through Maton's external gateway, so requests and responses may pass through that provider.
Base URL https://api.maton.ai/google-apps-script/{native-api-path} ... Maton proxies requests to `script.googleapis.com`Review Maton's privacy and security practices before using this with sensitive scripts or data.