gmail
Audited by Socket on Feb 14, 2026
1 alert found:
Malware [Skill Scanner]: Natural language instruction to download and install from URL detected

All findings:
[CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

No code-level malware or obfuscation found in this documentation artifact. The primary security concern is that all Gmail access and OAuth tokens are routed and managed by Maton-controlled services (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai). This centralization grants Maton effective full access to user mailboxes and message content and introduces a supply-chain/trust risk: if Maton is compromised or malicious, credentials and mailbox data could be exfiltrated or abused. Evaluate Maton's operational security, token retention/rotation policies, and privacy guarantees before use. For highly sensitive deployments, prefer direct Google OAuth or an independently audited managed provider.

LLM verification: This skill/documentation describes a legitimate-seeming Gmail API proxy that centralizes OAuth and Gmail operations through Maton-managed endpoints. The primary risk is supply-chain/privacy: Maton will see and potentially store email contents and OAuth tokens. There is no explicit evidence of malware, obfuscation in this fragment, or hard-coded secrets, but the design creates a high-trust dependency. Recommend: (1) review Maton's security and privacy policies, encryption practices, and data rete