Google Forms

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Forms API gateway skill that uses a Maton API key and OAuth to access and modify Forms. Users should treat it as sensitive, but the behavior is disclosed and purpose-aligned.

Use this skill only if you trust Maton to broker access to your Google Forms account. Keep the MATON_API_KEY private, verify the selected Google connection when multiple accounts exist, and approve write operations only after checking the exact target and effect.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone, or any agent action, holding this key may be able to access Google Forms data available through the connected Maton account.

Why it was flagged

The skill requires a bearer API key that grants access through Maton to the user's connected Google Forms account.

Skill content
All requests require the Maton API key in the Authorization header: `Authorization: Bearer $MATON_API_KEY`
Recommendation

Keep MATON_API_KEY secret, use the intended Google connection, and revoke or rotate the key if it is exposed.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Incorrectly approved calls could create or modify Google Forms or related form items.

Why it was flagged

The skill exposes account-mutating API operations, but it also instructs the agent to confirm writes with the user before executing them.

Skill content
Create forms, add questions, and retrieve responses... All write operations require explicit user approval.
Recommendation

Before approving any write, check the form ID, target account, request body, and intended effect.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Form metadata, questions, and responses may pass through Maton, which can include personal or business-sensitive information.

Why it was flagged

Google Forms requests and responses flow through a third-party gateway rather than directly between the agent and Google.

Skill content
Maton proxies requests to `forms.googleapis.com` and automatically injects your OAuth token.
Recommendation

Use the skill only if you trust Maton with the relevant Google Forms data and OAuth connection.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Users have less external information to verify the publisher or implementation behind this OAuth-based integration.

Why it was flagged

The registry metadata does not provide a source repository or homepage for independent provenance review.

Skill content
Source: unknown; Homepage: none
Recommendation

Confirm that the listed owner and Maton service are the provider you intend to trust before connecting a Google account.