Gmail Litiao

Security checks across malware telemetry and agentic risk

Overview

This Gmail skill is coherent but gives an agent powerful mailbox access without enough safety guidance around sending, trashing, and connection changes.

Install only if you trust Maton with access to your Gmail account. Use your own MATON_API_KEY and your own connection ID, avoid copying the example UUID, and require clear confirmation before sending email, trashing messages, changing labels in bulk, or deleting OAuth connections.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Vague Triggers

Medium
Confidence: 84%
Finding
The skill description is broad enough to match generic email-related requests and routes users into a high-privilege Gmail integration capable of reading, sending, deleting, and modifying mailbox data. In an agent setting, over-broad invocation criteria can cause unintended activation and sensitive actions without sufficiently explicit user intent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation includes destructive mailbox operations such as trashing messages without warning about irreversible or user-impacting consequences. In an agent workflow, this increases the chance that an autonomous or semi-autonomous caller performs data-destructive actions without confirmation or safety checks.

VirusTotal

64/64 vendors flagged this skill as clean.
