Exposed resource identifier
- Finding
- Example code exposes a concrete Google Sheets spreadsheet ID instead of a placeholder.
Security checks across static analysis, malware telemetry, and agentic risk
This skill is a broad Maton API gateway that can act on many connected third-party accounts, including writing, sending, posting, and deleting data, with limited guardrails and inconsistent package metadata.
Install only if you trust Maton and are comfortable giving the agent access to MATON_API_KEY. Use least-privilege OAuth connections, explicitly name the intended connection for sensitive tasks, and require confirmation before the agent sends, posts, shares, updates, or deletes anything.
VirusTotal findings are pending for this skill version.
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
- Risk: If used carelessly, the agent could create, update, send, publish, share, or delete data in connected services.
- Why: The skill is designed as a raw API passthrough rather than a narrowly scoped workflow. That is purpose-aligned, but it gives the agent broad ability to call native endpoints across many services.
- Evidence: "Passthrough proxy for direct access to third-party APIs using managed OAuth connections... The API gateway lets you call native API endpoints directly."
- Mitigation: Use only with explicit task-by-task instructions, require confirmation for write/delete/send/publish actions, and prefer least-privilege service connections.
- Risk: Anyone, or any agent session, with access to MATON_API_KEY may be able to act through the user's authorized connections.
- Why: The Maton key is expected, but once a user has authorized service connections it becomes the mechanism by which the agent exercises delegated access to those third-party accounts.
- Evidence: "All requests require the Maton API key... The API gateway automatically injects the appropriate OAuth token for the target service."
- Mitigation: Store the key carefully, rotate it if exposed, revoke unused Maton connections, and authorize only the services and scopes needed for the current task.
- Risk: The agent could operate on the wrong Slack workspace, Google account, CRM, or other service connection if the user does not specify the intended connection.
- Why: Defaulting to the oldest active connection can blur account/workspace boundaries when a user has multiple authorized connections for the same app.
- Evidence: "If omitted, the gateway uses the default (oldest) active connection for that app."
- Mitigation: Specify the Maton-Connection header for sensitive actions and confirm the target account before making changes.
- Risk: Users may not be able to tell exactly which package identity or publisher record they are trusting with API access.
- Why: The included package metadata does not match the evaluated registry metadata, which names slug api-gateway-disabled, owner kn7595ryaegvhdewfk29tz2gf182vkss, and version 1.0.0. For a credential-bearing API gateway, this identity mismatch is a provenance concern.
- Evidence (included package metadata): "ownerId": "kn75240wq8bnv2qm2xgry748jd80b9r0", "slug": "api-gateway", "version": "1.0.68"
- Mitigation: Verify the publisher and package identity with Maton/ClawHub before installing, especially before providing MATON_API_KEY.
- Risk: Connected-service data such as messages, files, contacts, analytics, or CRM records may be processed through Maton's gateway during use.
- Why: The gateway and control-plane calls are intentionally routed through Maton-hosted services, so third-party API requests and responses may pass through that provider.
- Evidence: "Base URL: https://gateway.maton.ai/{app}/{native-api-path} ... Connection management uses a separate base URL: https://ctrl.maton.ai"
- Mitigation: Review Maton's privacy/security terms and avoid sending highly sensitive data through the gateway unless that data flow is acceptable.