Google Play

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent Google Play Developer API integration, but it requires trusting Maton as the holder of the API key and the OAuth token, and once a write is approved it can make high-impact changes to the connected Google Play account.

Before installing, confirm that you trust both Maton and the skill publisher, use a dedicated or least-privileged Google Play connection where possible, name the intended connection explicitly whenever more than one account is connected, and review every create, update, or delete call before approving it.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

65 of 65 vendors reported this skill as clean. A clean antivirus verdict covers known-malicious content in the skill files; it says nothing about how the granted Google Play access is used, which the risk analysis below covers.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation (severity: Medium)
What this means

If the agent is misled or misused, it could propose writes that alter app monetization, listings, or review replies in the connected Google Play account. The approval step is the only control, so an approval given without checking the target lets the change through.

Why it was flagged

The skill exposes Google Play management operations, including high-impact write actions, but it also documents an approval requirement for create, update, and delete calls.

Skill content
Manage app listings, subscriptions, in-app purchases, reviews, and more. ... All write operations require explicit user approval.
Recommendation

Approve write operations only after checking the package name, connection ID, target resource, and exact intended change.

ASI03: Identity and Privilege Abuse (severity: Medium)
What this means

Anyone, or any agent action, that holds the key and the connection can act on the connected Google Play account within the granted OAuth permissions.

Why it was flagged

The skill requires a Maton API key and uses managed OAuth to act on the user's Google Play account.

Skill content
All requests require the Maton API key in the Authorization header ... Maton proxies requests to `androidpublisher.googleapis.com` and automatically injects your OAuth token.
Recommendation

Keep the MATON_API_KEY secret and rotate it if it is exposed, connect only the intended Google Play account, review the granted OAuth permissions, and revoke unused connections.

ASI07: Insecure Inter-Agent Communication (severity: Medium)
What this means

Google Play account data and requested changes may pass through Maton's service as part of the integration.

Why it was flagged

Google Play API requests and responses are routed through the Maton gateway rather than going directly to Google.

Skill content
Base URL ... `https://api.maton.ai/google-play/{native-api-path}` ... Maton proxies requests to `androidpublisher.googleapis.com`
Recommendation

Use this skill only if you trust Maton as the OAuth/API gateway and understand its handling of Google Play data.
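To make the ASI02 recommendation (approve writes only after checking the package name, connection ID, target resource, and exact intended change) and the ASI07 gateway path shape concrete, here is an added pre-approval gate in Python. It is example code written for this review, not code from the skill, Maton, or ClawScan. It assumes the base URL shape quoted above, that the native path follows the public androidpublisher v3 layout `/androidpublisher/v3/applications/{packageName}/...`, and that the intended connection ID travels in a request header named `Maton-Connection`, which is a hypothetical name; take the real mechanism from the skill's documentation.

```python
"""Pre-approval gate for Google Play Developer API calls sent through the
Maton gateway (https://api.maton.ai/google-play/{native-api-path}).

Added example for this review; not code from the skill, Maton, or ClawScan.
Assumptions: the native path follows the public androidpublisher v3 layout
/androidpublisher/v3/applications/{packageName}/..., and the intended
connection ID is sent in a hypothetical "Maton-Connection" request header.
"""
import re
from dataclasses import dataclass
from typing import Mapping, Optional, Tuple
from urllib.parse import urlsplit

GATEWAY_HOST = "api.maton.ai"
GATEWAY_PREFIX = "/google-play"                       # from the report's base URL
NATIVE_PREFIX = "/androidpublisher/v3/applications/"  # assumed public API layout
CONNECTION_HEADER = "Maton-Connection"                # hypothetical header name
WRITE_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})
# Android application IDs: dot-separated Java-style identifiers, two or more segments.
PACKAGE_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")


@dataclass(frozen=True)
class Policy:
    allowed_packages: frozenset       # package names this session may touch
    expected_connection: str          # the one connection ID the user intends
    allowed_write_resources: frozenset  # resources a write may target at all


@dataclass(frozen=True)
class Decision:
    verdict: str            # "allow" (read), "ask" (write, show to user), "refuse"
    is_write: bool
    package: Optional[str]
    resource: Optional[str]
    reason: str


def native_path(url: str) -> Optional[str]:
    """Return the androidpublisher path behind the gateway, or None when the URL
    is not the Maton google-play gateway. Any other host would receive the
    MATON_API_KEY from the Authorization header, so such URLs are refused."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.netloc != GATEWAY_HOST:
        return None
    if not parts.path.startswith(GATEWAY_PREFIX + "/"):
        return None
    return parts.path[len(GATEWAY_PREFIX):]


def package_and_resource(path: str) -> Tuple[Optional[str], Optional[str]]:
    """Split /androidpublisher/v3/applications/{pkg}/{resource}/... into
    (pkg, resource). A malformed package segment (e.g. "..") yields None,
    which the caller treats as a refusal."""
    if not path.startswith(NATIVE_PREFIX):
        return None, None
    segments = path[len(NATIVE_PREFIX):].split("/")
    package = segments[0] if PACKAGE_RE.match(segments[0]) else None
    resource = segments[1] if len(segments) > 1 and segments[1] else None
    return package, resource


def gate(method: str, url: str, headers: Mapping[str, str], policy: Policy) -> Decision:
    """Classify a proposed request: reads pass, writes that survive every check
    are handed to the user for explicit approval, anything else is refused."""
    method = method.upper()
    is_write = method in WRITE_METHODS
    path = native_path(url)
    if path is None:
        return Decision("refuse", is_write, None, None, "URL is not the Maton google-play gateway")
    package, resource = package_and_resource(path)
    if package is None:
        return Decision("refuse", is_write, None, resource, "no well-formed package name in path")
    connection = headers.get(CONNECTION_HEADER)
    if connection != policy.expected_connection:
        return Decision("refuse", is_write, package, resource,
                        f"connection {connection!r} is not the intended {policy.expected_connection!r}")
    if package not in policy.allowed_packages:
        return Decision("refuse", is_write, package, resource, f"package {package} is not in the allowlist")
    if not is_write:
        return Decision("allow", False, package, resource, "read-only call")
    if resource not in policy.allowed_write_resources:
        return Decision("refuse", True, package, resource, f"{method} on {resource!r} is outside the write scope")
    return Decision("ask", True, package, resource,
                    f"{method} {package}/{resource} via {connection}: needs explicit user approval")


if __name__ == "__main__":
    policy = Policy(frozenset({"com.example.app"}), "conn-123", frozenset({"reviews"}))
    base = f"https://{GATEWAY_HOST}{GATEWAY_PREFIX}{NATIVE_PREFIX}"
    hdrs = {CONNECTION_HEADER: "conn-123"}  # constructed sample request context
    for m, u in [("GET", base + "com.example.app/edits"),
                 ("POST", base + "com.example.app/reviews/abc:reply"),
                 ("POST", base + "com.example.app/edits"),
                 ("DELETE", base + "com.other.app/inappproducts/sku1")]:
        d = gate(m, u, hdrs, policy)
        print(f"{d.verdict:6} {m:6} {d.package} {d.resource} - {d.reason}")
```

The gate never grants a write on its own: a write that passes every check comes back as "ask" with a one-line summary naming the method, package, resource and connection, which is exactly what the reviewer should see before approving. Refusing non-gateway hosts is the ASI03 point in code form, since the Authorization header would carry the key to whatever host the URL names.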

ASI04: Agentic Supply Chain Vulnerabilities (severity: Low)
What this means

Users have less registry-level information to verify who maintains the skill before granting sensitive account access.

Why it was flagged

The registry metadata does not provide a source repository or homepage, which limits provenance review for a credential-bearing integration.

Skill content
Source: unknown; Homepage: none
Recommendation

Verify the publisher and Maton service independently before connecting a production Google Play account.