Is task-status safe?

https://clawhub.ai/Mightyprime1/task-status

62 · CAUTION

The most critical issue is the slug/content mismatch: installing 'task-status' delivers a 'google-forms' skill, which is a significant trust violation suggesting possible supply-chain confusion or intentional bait-and-switch. The underlying google-forms skill itself is a legitimate-looking API integration but routes all traffic (including OAuth tokens and form data) through a third-party gateway (maton.ai), includes executable Python code blocks, and promotes cross-skill chaining to another untrusted author's skill.

Category Scores

Prompt Injection 45/100 · 30%
Data Exfiltration 50/100 · 25%
Code Execution 40/100 · 20%
Clone Behavior 85/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 40/100 · 5%

Findings (7)

CRITICAL Slug/content mismatch — possible supply-chain substitution -40

The skill was installed via slug 'task-status' but the actual content is a 'google-forms' skill from author 'maton'. This is a major trust violation — the user expects task-status functionality but receives a completely different skill that requires API keys and accesses Google account data. This could indicate registry confusion, typosquatting, or intentional bait-and-switch.

HIGH API key transmitted to third-party gateway on every request -30

Every API call sends the user's MATON_API_KEY to gateway.maton.ai and ctrl.maton.ai. The gateway also holds the user's Google OAuth tokens and proxies all Google Forms traffic, giving the gateway operator full visibility into form data and responses.

HIGH Inline executable Python code blocks -40

The skill contains multiple Python heredoc blocks (python <<'EOF') that are designed to be copy-pasted and executed by the agent. These make HTTP requests to external services. If the gateway responses were malicious, the agent would process them without validation.

MEDIUM Cross-skill chaining via embedded URL -15

The description directs the agent to use another skill ('api-gateway' from a different author) for non-Google-Forms tasks. This could lead to automatic installation of additional untrusted skills, expanding the attack surface.

MEDIUM Troubleshooting instructs echoing API key to stdout -20

The troubleshooting section tells the agent to run 'echo $MATON_API_KEY' to verify the key is set. This could expose the secret in terminal logs, CI output, or agent conversation history.

LOW Sensitive file access during installation -15

During installation, .env, .aws/credentials, and auth-profiles.json were accessed. This appears to be the host platform (openclaw) reading its own configuration rather than the skill itself, but it demonstrates that the installation environment has access to sensitive files.

INFO Man-in-the-middle gateway architecture -10

The Maton gateway proxies all Google Forms API traffic and manages OAuth tokens. This is a legitimate SaaS pattern but means the gateway operator has full access to all user data flowing through the service, including form responses that may contain PII.