Google Drive

Security checks across malware telemetry and agentic risk

Overview

This is a transparent Google Drive cURL guide, but users should be careful because its examples can change, delete, upload, or share real Drive files.

Install only if you trust Maton with the Google Drive account and files you connect. Keep MATON_API_KEY secret, use the least-privileged Drive account or connection practical, and require explicit confirmation plus file ID and recipient checks before running delete, overwrite, move, upload, or sharing commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill includes destructive operations for deleting connections and Google Drive files without any caution, confirmation guidance, or explanation of irreversible effects. In an agent skill context, this increases the chance of accidental destructive actions against real user data or OAuth-linked integrations, especially if an agent follows examples mechanically.

Missing User Warnings

Medium
Confidence: 89%
Finding
The guide documents many state-changing operations including create, update, move, upload, and permission-sharing actions without warning that they modify files, metadata, or access controls. In an autonomous or semi-autonomous agent setting, omission of such guardrails can lead to unintended data changes, exposure through sharing, or overwriting user content.

VirusTotal

65/65 vendors flagged this skill as clean.
