Google Classroom

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Classroom integration that uses Maton OAuth/API access and should be treated as sensitive but not deceptive.

Install only if you intend to let a Maton-mediated OAuth connection access your Google Classroom data. Keep MATON_API_KEY private, verify the selected connection when multiple accounts exist, review write requests carefully before approving them, and revoke unused connections.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Description-Behavior Mismatch

Medium

Confidence: 93% confidence
Finding: The skill documentation exposes capabilities beyond the stated scope in the manifest and security section, including topics, invitations, user profiles, aliases, and coursework materials. This mismatch can mislead users or downstream policy systems about the real authority granted to the skill, increasing the chance of over-broad use without informed consent.

Description-Behavior Mismatch

Medium

Confidence: 96% confidence
Finding: The security section claims access is limited to courses, assignments, students, teachers, and announcements, but later sections document broader resources and actions. Misstating permissions is dangerous because it creates a false sense of least privilege and can cause users to authorize actions they did not expect.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal