google-search-console

[Skill Scanner] Backtick command substitution detected This README describes a legitimate-looking managed-proxy integration for Google Search Console that centralizes OAuth token custody and requires a single MATON_API_KEY to operate. The provided file contains no obvious malware, obfuscated code, or hard-coded secrets, but the architecture creates a meaningful supply-chain and credential-custody risk: all API keys, session tokens, and OAuth tokens are routed through Maton-owned domains. Treat the integration as potentially risky from a credential-exposure perspective and only adopt it after verifying Maton’s security controls, limiting MATON_API_KEY scope/privileges, and auditing token storage/rotation practices. LLM verification: The document describes a legitimate integration that proxies Google Search Console calls through a third-party managed gateway (Maton). There is no evidence of code-level malware or obfuscation in the provided text. The main security concern is the architectural trust and supply-chain risk: MATON_API_KEY and Google OAuth tokens are centralized with Maton and connection flows expose session tokens in URLs, which can be accidentally leaked. Use only after vetting Maton's security practices, avoid