Security audit

Google Meet

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Meet integration that uses Maton-managed OAuth; its sensitive meeting access is expected for the purpose but should be used carefully.

Install only if you trust Maton to broker OAuth access to your Google Meet account. Keep MATON_API_KEY private, avoid printing it in shared logs, choose the intended connection when multiple accounts exist, and retrieve participants, recordings, or transcripts only with appropriate meeting-owner or participant consent.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation exposes access to sensitive participant, recording, and transcript endpoints without a clear privacy warning or handling guidance. Because these resources may contain personal data, meeting history, and recorded content, omission of explicit privacy constraints can lead users or downstream agents to retrieve highly sensitive data without adequate consent or minimization.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.