by 安全扫描
OpenClaw
可疑
medium confidenceNULL
评估建议
This skill appears internally consistent: it uses a Maton API gateway to proxy Google Forms requests and only needs MATON_API_KEY. Before installing, verify the Maton service and publisher because the skill's 'Source' and 'Homepage' are missing — the gateway operator (maton.ai) will be able to access OAuth connections and form data when you use this skill. If you proceed: (1) only provide a Maton API key tied to an account you trust, (2) use least-privilege or scoped credentials if available, (3...详细分析 ▾
✓ 用途与能力
Name/description, examples, and required env var (MATON_API_KEY) consistently describe a Maton-managed OAuth gateway for Google Forms. The requested API key is expected for a gateway/proxy integration.
✓ 指令范围
SKILL.md only instructs calls to gateway.maton.ai and ctrl.maton.ai (and connect.maton.ai) using MATON_API_KEY; it does not ask the agent to read unrelated files, other env vars, or system paths. Examples are concrete and limited to the stated API surface.
✓ 安装机制
Instruction-only skill with no install spec or code files (lowest install risk). Nothing is downloaded or written to disk by the skill itself.
ℹ 凭证需求
Only MATON_API_KEY is required which matches the gateway-based design. However this single key is powerful — it allows the maton.ai gateway to act on behalf of the user's Google connections, so it is a high-sensitivity secret and should be treated accordingly.
✓ 持久化与权限
always=false and no special privileges requested. The skill can be invoked autonomously (platform default) but that is not, on its own, a red flag here.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
版本
latestv1.0.52026/2/2
NULL
● 无害
安装命令
点击复制官方npx clawhub@latest install google-forms
镜像加速npx clawhub@latest install google-forms --registry https://cn.longxiaskill.com