Google Sheets

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Sheets integration, but spreadsheet data and OAuth-backed access go through Maton’s third-party API gateway.

Install this only if you trust Maton to broker access to the Google Sheets data you use with it. Use a least-privileged Google account or connection, specify the intended connection when you have multiple accounts, and approve writes or deletes only after checking the spreadsheet ID, range, and exact effect.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The skill repeatedly instructs users to send spreadsheet contents and authenticated requests through the Maton proxy but does not clearly warn that spreadsheet data and access metadata transit a third-party service rather than going directly to Google. In a Google Sheets integration, this omission matters because spreadsheets often contain sensitive business or personal data, so users may unknowingly expose data to an intermediary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal