Microsoft SharePoint

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed SharePoint integration that uses Maton-managed OAuth and an API key to access and modify SharePoint content, so it is sensitive but purpose-aligned.

Install only if you trust Maton to broker SharePoint access for your organization. Protect MATON_API_KEY like a password, use the least-privileged SharePoint account practical, and explicitly confirm the target file, audience, link scope, and any expiration or revocation plan before approving sharing links or other write operations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill documents creation of sharing links, including potentially broad scopes such as 'anonymous', without warning about data exposure, persistence, or the need for explicit confirmation. In a SharePoint context, this can lead an agent or user to expose internal files outside intended audiences, making the omission security-relevant.

VirusTotal

64/64 vendors flagged this skill as clean.
