Kit

Security checks across malware telemetry and agentic risk

Overview

This Kit integration is a disclosed API helper for managing email marketing data through Maton, with sensitive account access that users should approve carefully.

Install only if you trust Maton with access to the connected Kit account and the subscriber/customer data in it. Keep MATON_API_KEY private, use the Maton-Connection header when multiple accounts exist, and review every write, delete, broadcast, webhook, or subscriber-modification action before approving it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill documents transmission and mutation of subscriber records, tags, forms, sequences, broadcasts, custom fields, and webhooks, but it does not clearly warn that subscriber emails and related metadata are privacy-sensitive customer data being sent to an external proxy service. In an agent context, weak privacy disclosure increases the risk of accidental data handling beyond user expectations.

VirusTotal

64/64 vendors flagged this skill as clean.
