Zoom

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Zoom API skill that needs sensitive credentials and can change real Zoom resources, but those capabilities are disclosed and aligned with its purpose.

Install only if you trust Maton to broker OAuth access to Zoom. Keep MATON_API_KEY, meeting start URLs, join links, passwords, and recording download links private, and require a clear preview plus confirmation before deleting meetings, webinars, recordings, or OAuth connections.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence: 87%
Finding
The example response and sample code expose meeting access artifacts such as join URLs, start URLs, and passwords without an explicit warning that these values are sensitive and should not be logged or shared. In this skill context, those values can grant meeting access or host privileges, so normalizing their display in examples increases the chance of accidental disclosure.

VirusTotal

64/64 vendors flagged this skill as clean.
