Back to skill

Security audit

Google Tag Manager

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google Tag Manager API helper, but it can make real GTM changes and should be used carefully with trusted credentials.

Install only if you trust Maton with brokered OAuth access to Google Tag Manager. Keep MATON_API_KEY private, choose the intended connection when multiple connections exist, and require explicit confirmation before any create, update, delete, publish, or user-permission request.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill documentation exposes GTM user-permission management operations, including granting access to other users, but the manifest/description does not clearly declare this highly sensitive capability. That mismatch can mislead agents or users about the true scope of privileged actions the skill can perform, increasing the risk of unauthorized permission changes and persistence in a GTM account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.