Back to skill

Security audit

Google Meet

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Meet integration that uses Maton-managed OAuth; its sensitive meeting access is expected for the purpose but should be used carefully.

Install only if you trust Maton to broker OAuth access to your Google Meet account. Keep MATON_API_KEY private, avoid printing it in shared logs, choose the intended connection when multiple accounts exist, and retrieve participants, recordings, or transcripts only with appropriate meeting-owner or participant consent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation exposes access to sensitive participant, recording, and transcript endpoints without a clear privacy warning or handling guidance. Because these resources may contain personal data, meeting history, and recorded content, omission of explicit privacy constraints can lead users or downstream agents to retrieve highly sensitive data without adequate consent or minimization.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.