Google Drive
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: google-drive Version: 1.0.8 The google-drive skill bundle provides a standard integration for managing Google Drive files via a managed OAuth proxy (api.maton.ai). The SKILL.md file contains legitimate API documentation, usage examples in Python and CLI, and explicitly includes a security instruction requiring the agent to seek user approval for all write operations. No evidence of malicious intent, data exfiltration, or prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Commands run through this skill may access or change data in the connected Google Drive account.
The skill requires a Maton API key and uses it to authorize requests that act on a connected Google Drive account.
req.add_header('Authorization', f'Bearer {os.environ["MATON_API_KEY"]}')Use only with a trusted Maton account, connect the intended Google account, and avoid exposing the MATON_API_KEY.
If a user approves the wrong action, files or folders in Google Drive could be created, modified, deleted, or otherwise managed incorrectly.
The skill exposes Drive file-management actions, including write operations, but also clearly instructs the agent to get explicit approval before create, update, or delete calls.
List, search, create, and manage files and folders... All write operations require explicit user approval.
Before approving any write, verify the target file or folder, the connected account, and the exact intended effect.
Drive API requests and responses may pass through Maton before reaching Google, which can involve sensitive file metadata or content depending on the API call.
Google Drive API requests are routed through Maton's service, so Drive request data and delegated OAuth access depend on that provider boundary.
Maton proxies requests to `www.googleapis.com` and automatically injects your OAuth token.
Install only if you trust Maton as an intermediary for Google Drive access and understand the provider's privacy and security model.
Installing the external CLI adds software outside this skill's scanned artifact set.
The documentation recommends installing an external global CLI package, but that package is not included in the instruction-only skill artifacts reviewed here.
npm install -g @maton-ai/cli
Install the CLI only from trusted official sources and keep it updated.