google-drive

[Skill Scanner] Instruction to copy/paste content into terminal detected All findings: [CRITICAL] command_injection: Instruction to copy/paste content into terminal detected (CI012) [AITech 9.1.4] [CRITICAL] command_injection: Natural language instruction to download and install from URL detected (CI009) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] [HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4] This skill is an integration doc for a Maton-managed Google Drive proxy. Functionally it matches its stated purpose and contains no obvious malicious code or obfuscation. The primary security concern is that every Google Drive API call, OAuth flow, and file upload/download is routed through Maton-controlled domains (gateway.maton.ai, ctrl.maton.ai, connect.maton.ai). That design requires trusting Maton with OAuth tokens and file content; it is a legitimate service model but represents a notable third-party data-exposure risk. If you require direct control over tokens and data, do not use a proxying gateway. No clear indicators of malware found in the provided fragment. LLM verification: No direct signs of malware or intentional obfuscation were found in the provided SKILL.md documentation. The principal security concern is architectural/trust-based: Maton’s gateway receives MATON_API_KEY and proxies user Drive data and OAuth tokens, centralizing access. If MATON_API_KEY or Maton infrastructure is compromised, user Drive contents and tokens could be exposed. Recommendations: treat this as a third-party-managed integration — restrict and rotate MATON_API_KEY, use per-environment