google

Security checks across malware telemetry and agentic risk

Overview

This is a legitimate Google Drive integration, but it gives broad read, upload, share, update, move, and delete access through a third-party gateway without enough built-in scoping or confirmation guidance.

Install only if you trust Maton and this publisher with the connected Google Drive account. Before use, verify the exact Google account or Maton connection, avoid copying the sample connection ID, and require explicit confirmation before any delete, move, update, upload, download, export, or sharing action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 87%
Finding:
The skill documents destructive actions such as update, move, and delete against live Google Drive resources without any warning about irreversibility, confirmation, or recovery expectations. In an agent setting, this increases the risk of accidental data loss because users or downstream agents may invoke these operations without understanding the consequences.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The skill omits a clear privacy notice that file names, metadata, contents, and sharing actions are sent through Maton gateway/control services and then to Google. In a third-party integration context, lack of disclosure can cause unintended exposure of sensitive enterprise data to external processors.

VirusTotal

66/66 vendors flagged this skill as clean.
