Google Drive

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Google Drive integration, but it requires trusting Maton with OAuth-backed Drive access and carefully approving any file-changing actions.

Use this skill only if you trust Maton and want an agent to access your Google Drive. Connect the correct Google account, specify the connection ID when multiple accounts exist, protect the MATON_API_KEY, and carefully review every create, update, delete, or sharing-related action before approving it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

64/64 vendors flagged this skill as clean.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Commands run through this skill may access or change data in the connected Google Drive account.

Why it was flagged

The skill requires a Maton API key and uses it to authorize requests that act on a connected Google Drive account.

Skill content

req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')

Recommendation

Use only with a trusted Maton account, connect the intended Google account, and avoid exposing the MATON_API_KEY.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If a user approves the wrong action, files or folders in Google Drive could be created, modified, deleted, or otherwise managed incorrectly.

Why it was flagged

The skill exposes Drive file-management actions, including write operations, but also clearly instructs the agent to get explicit approval before create, update, or delete calls.

Skill content

List, search, create, and manage files and folders... All write operations require explicit user approval.

Recommendation

Before approving any write, verify the target file or folder, the connected account, and the exact intended effect.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Drive API requests and responses may pass through Maton before reaching Google, which can involve sensitive file metadata or content depending on the API call.

Why it was flagged

Google Drive API requests are routed through Maton's service, so Drive request data and delegated OAuth access depend on that provider boundary.

Skill content

Maton proxies requests to `www.googleapis.com` and automatically injects your OAuth token.

Recommendation

Install only if you trust Maton as an intermediary for Google Drive access and understand the provider's privacy and security model.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Installing the external CLI adds software outside this skill's scanned artifact set.

Why it was flagged

The documentation recommends installing an external global CLI package, but that package is not included in the instruction-only skill artifacts reviewed here.

Skill content

npm install -g @maton-ai/cli

Recommendation

Install the CLI only from trusted official sources and keep it updated.