Api Gateway 1.0.31

Security checks across malware telemetry and agentic risk

Overview

The skill is a legitimate-looking Maton API gateway, but it exposes broad write, delete, admin, email, payment, and webhook powers across many connected services without strong safety scoping or confirmation guidance.

Install only if you intentionally want an agent to call live third-party APIs through Maton. Use least-privilege service connections, prefer read-only scopes where possible, require human confirmation before POST/PUT/PATCH/DELETE, email/send, admin, payment, public posting, or webhook actions, and revoke unused Maton connections promptly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (58)

Intent-Code Divergence

Medium
Confidence
94% confidence
Finding
The skill metadata says access is scoped through managed OAuth connections, but this reference explicitly states the router injects an APIKEY header for JotForm. That mismatch can cause operators or downstream agents to overtrust the integration's access controls and misunderstand what credentials are being used, increasing the risk of unauthorized or overly broad API use.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises broad passthrough access to many third-party APIs, including write-capable operations, but does not prominently warn that requests may create, modify, or delete real external data. In an agent setting, this increases the chance of unintended high-impact actions because users or downstream agents may treat examples as routine and safe.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation includes a DELETE connection example without warning that it is destructive and may immediately disrupt future API access for automations or users relying on that connection. In an agent workflow, a deletion example can be executed mechanically, causing service interruption or loss of authorized connectivity.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reference document includes multiple state-changing operations such as creating appointments and clients, cancelling and rescheduling appointments, and creating/deleting blocks, but it provides no warning that these actions can directly affect real customer schedules and business operations. In an agent skill context, this omission increases the chance an LLM or operator will invoke destructive or user-impacting actions without confirmation, especially because the skill is explicitly designed to call live third-party APIs through authorized OAuth connections.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This reference documents state-changing operations such as creating contacts, updating contacts, creating accounts, and adding contacts to sequences, but it does not warn that these actions modify third-party systems and may trigger outreach workflows or downstream communications. In an agent skill context, that omission increases the chance that an LLM or user invokes destructive or externally visible actions without informed consent, leading to unintended CRM changes, spam, or compliance issues.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
Stating that authentication is automatic and the router injects the API key without any privacy or data-handling warning can cause users or agents to underestimate that requests send potentially sensitive personal and business data to Apollo, a third-party service. In an API gateway skill, this lack of disclosure materially raises the risk of unintentional data sharing, especially for enrichment, contact, and email-related endpoints.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The reference documents multiple destructive Box operations, including recursive deletion and trash deletion, without any warning about data loss, permanence, or the need for explicit user confirmation. In an agent skill that can invoke third-party APIs through authorized OAuth connections, this omission increases the chance that an agent or user will trigger irreversible actions without understanding the consequences.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference documents numerous state-changing and destructive operations such as PATCH, POST, and DELETE without any caution about their effects on bookings, schedules, event types, or account configuration. In an agent context, this increases the chance that an LLM or user invokes high-impact actions without understanding they can modify or delete live calendar data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
Webhook creation and update endpoints are listed without warning that they can exfiltrate event data to arbitrary external destinations. In an OAuth-enabled API gateway, documenting webhook operations without caution makes it easier for an agent to configure outbound data flows that leak booking or user information outside the trusted environment.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation exposes state-changing Confluence operations (create, update, delete) without any caution about destructive effects, confirmation requirements, or guidance to verify user authorization and target resource identity. In an API-gateway skill that enables real third-party actions via OAuth, this omission increases the chance an agent or user will perform unintended remote modifications or deletions.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This reference exposes high-impact administrative Dropbox Business operations such as adding members, creating groups, creating team folders, listing member devices, and retrieving audit logs without any inline warning, approval guidance, or indication of the business impact of these actions. In the context of an API gateway skill that can proxy authenticated OAuth-backed requests to third-party services, this increases the risk that an agent or user invokes sensitive admin actions without understanding they modify organization state or access sensitive operational data.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation explicitly shows configuring webhooks to send transcripts, summaries, and action items to an arbitrary external destination_url, but it does not warn that this can export sensitive meeting content outside the original system boundary. In an API-gateway skill that brokers third-party OAuth-backed access, this omission increases the risk that users or downstream agents unintentionally exfiltrate confidential business data to attacker-controlled or misconfigured endpoints.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The reference documents state-changing Firebase endpoints such as project updates and app creation, but it provides no warning that these operations can modify or provision real cloud resources. In an agent skill context, this omission increases the chance that an LLM or user invokes destructive or billable actions without explicit confirmation, especially because the skill is designed to call third-party APIs with authorized OAuth access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This reference explicitly documents write-capable GitHub operations such as creating issues, creating pull requests, and merging pull requests, but it does not warn that these actions modify remote repository state or require explicit user confirmation. In an API-gateway skill with OAuth-scoped access to third-party services, this increases the risk that an agent could perform destructive or sensitive actions on behalf of the user without clear safety cues.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The reference includes concrete mutate examples that create a new campaign and enable an existing campaign without any warning that these operations modify live Google Ads resources and can spend real advertising budget. In an API gateway skill with managed OAuth access to third-party accounts, users or downstream agents may copy these examples directly, increasing the risk of unintended state-changing actions against production ad accounts.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference includes multiple examples that create or modify Google Analytics properties, data streams, custom dimensions, custom metrics, conversion events, and measurement protocol secrets, but it does not clearly warn that these are administrative, state-changing operations. In an agent skill context, omission of that warning can cause users or downstream agents to invoke destructive or irreversible configuration changes under an authorized OAuth session without appreciating the scope of impact.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The note that 'Authentication is automatic - the router injects the OAuth token' normalizes use of the caller's existing access without warning that requests will act against all Google Analytics accounts and properties reachable by that OAuth connection. In a gateway skill that proxies third-party APIs, this can mislead users or agents into treating calls as low-risk infrastructure actions rather than privileged operations on sensitive business analytics configurations.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This reference document includes create, update, patch, quick-add, and delete calendar operations but provides no warning that these actions can modify or permanently remove a user's calendar data. In an agent skill context, documentation often shapes tool use directly, so omission of safety guidance increases the risk of unintended destructive actions against user data.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
Stating that authentication is automatic without pairing it with a warning about the scope and sensitivity of calendar access can normalize silent access to private user data. In this OAuth-backed gateway context, the note may lead an agent or integrator to underestimate the privacy and authorization implications of making calendar API calls.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The reference documents deletion and permission-creation operations, but it does not warn that these actions can irreversibly remove data or broaden access to third parties. In an agent skill context, this omission increases the chance that an LLM or user will invoke high-impact actions without confirmation, least-privilege checks, or understanding of the consequences.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The reference documents destructive and modifying Google Forms operations such as create, batchUpdate, updateFormInfo, and deleteItem without any caution that these actions can alter or remove user data. In an agent skill that brokers authenticated access to third-party services, this omission increases the chance that an agent or user will perform irreversible changes without explicit confirmation or awareness of consequences.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The reference exposes endpoints for listing and retrieving form responses but does not warn that responses may contain sensitive personal or business data. Because this skill uses automatically injected OAuth credentials to access third-party services, an agent may retrieve respondent data without sufficient privacy signaling, increasing the risk of over-collection or unintended disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This reference explicitly documents state-changing Gmail operations such as sending email, modifying labels, creating and sending drafts, and trashing messages without any caution about user consent, mailbox modification, or sensitive data transmission. In an agent skill that proxies authenticated OAuth access to a user's live mailbox, this can normalize destructive or exfiltration-capable actions and increase the chance an agent invokes them without clear confirmation.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
This reference document includes multiple state-changing and destructive Google Play API operations such as deleting in-app products, cancelling subscriptions, replying to reviews, and committing or deleting edits without any warning that these actions modify production resources. In an agent skill context, examples often become de facto allowed actions, so the lack of caution increases the chance an agent or user invokes irreversible or business-sensitive operations without explicit confirmation.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
This reference documents multiple destructive and privilege-changing admin actions such as deleting users, groups, members, org units, and granting admin rights, but it provides no user-facing safety guidance, confirmation requirements, or impact warnings. In an agent skill context, such omissions increase the chance that an LLM or end user will invoke high-impact operations without understanding the consequences.

VirusTotal

64/64 vendors flagged this skill as clean.
