Jeftest

What to check before installing: - Verify publisher identity and provenance: the skill is named 'jeftest' in the registry but the included _meta.json and many files look like Maton's 'api-gateway' documentation and use a different ownerId/slug/version — confirm this artifact wasn't repackaged or tampered with. - Confirm you trust Maton.ai: the MATON_API_KEY is the only required credential, but it acts as the gateway key for calls that use OAuth connections you authorize. Review Maton's security, privacy, and token-handling policies (who can access connection tokens, logging/retention, scopes requested during OAuth). - Principle of least privilege: use a dedicated/non-production Maton account and key when testing, and avoid exposing the key in shared environments. If possible, restrict the key's scope or use short-lived/test credentials. - Test with non-sensitive accounts/data first: exercise the connection flow and ensure the returned connect URLs and API responses behave as documented (connect.maton.ai, gateway.maton.ai, ctrl.maton.ai). - Inspect network endpoints yourself: ensure the hostnames in SKILL.md match Maton’s official docs and TLS certificate owners, and that OAuth redirect URLs are what you expect before authorizing. - If the registry listing or files don't match the publisher you expect, contact the registry operator or Maton support to confirm authenticity before granting access. Because of the metadata/slug/ownerId inconsistencies and the central trust placed in MATON_API_KEY, proceed only after you verify authorship and Maton's security posture or when using a disposable/test key.