ClawHub

Google Sheet matan

Security checks across malware telemetry and agentic risk

Overview

This skill is a documentation-only helper for using Google Sheets through Maton Gateway, with powerful spreadsheet write and delete examples that users should handle carefully.

Install only if you trust Maton Gateway with the spreadsheets involved. Keep MATON_API_KEY secret, avoid exposing populated Authorization headers in logs or prompts, use the narrowest available permissions, and manually verify spreadsheet IDs, ranges, clear/delete commands, and batchUpdate payloads before running them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill documents destructive operations such as clearing values, deleting sheets, and structural batch updates without any warning, confirmation guidance, backup advice, or scope-limiting safeguards. In an agent skill context, this increases the chance of accidental destructive actions against real spreadsheets, causing data loss or operational disruption even if the author likely intended normal administration use.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to send a bearer API key in authenticated requests but provides no guidance on secret handling, storage, logging avoidance, or limiting exposure of spreadsheet contents sent through the gateway. In an agent environment, this can lead to credential leakage, unsafe transmission practices, or overbroad access to sensitive spreadsheet data.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal