api-gateway

SUSPICIOUS. The skill is internally consistent and publisher-aligned, with no malicious installer behavior, but its core function is to proxy all third-party API traffic and managed OAuth through Maton-operated infrastructure instead of official service endpoints. That makes it a high-trust intermediary with broad real-world action capability and meaningful data exposure risk, even though the behavior is disclosed rather than concealed.