Is cognito-forms safe?

https://clawhub.ai/byungkyu/cognito-forms

82
SAFE

The cognito-forms skill is a legitimate Cognito Forms API integration that routes all traffic through Maton's managed OAuth gateway (gateway.maton.ai). It contains no executable code, no install hooks, no git hooks, and no malicious patterns. The primary risk is the architectural trust dependency on Maton's gateway, which has full visibility into all API traffic including form data and PII. Canary files were untouched and no network activity occurred during installation.

Category Scores

Prompt Injection 78/100 · 30%
Data Exfiltration 80/100 · 25%
Code Execution 85/100 · 20%
Clone Behavior 90/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 72/100 · 5%

Findings (6)

MEDIUM All API traffic routed through third-party gateway -15

All Cognito Forms API calls are proxied through gateway.maton.ai rather than going directly to cognitoforms.com. The Maton gateway has full visibility into all request/response data including form entries containing PII, documents, files, and the user's API key. This is the intended managed OAuth pattern but represents a significant trust dependency.

MEDIUM Gateway proxy creates man-in-the-middle trust dependency -18

The architectural design means Maton operates as a persistent intermediary for all Cognito Forms operations. A compromised gateway could harvest PII, modify entries, or reuse OAuth tokens without the user's knowledge.

LOW Cross-skill referral to api-gateway -10

The skill description directs the agent to load another skill from the same author (api-gateway) for other third-party apps, creating a potential chaining vector.

LOW Inline executable code blocks guide agent execution -7

Multiple Python heredoc code blocks in SKILL.md will be directly executed by the agent, giving the skill author control over code the agent runs. The code appears legitimate but represents an inherent trust surface.

LOW AWS credentials file accessed during installation -10

Filesystem monitoring detected OPEN/ACCESS of /home/oc-exec/.aws/credentials during installation. This appears to be part of the OpenClaw platform's normal startup routine rather than skill-initiated behavior, but is noted for completeness.

INFO Troubleshooting section echoes API key -5

Troubleshooting instructions include 'echo $MATON_API_KEY' which would print the key to console output, a minor information disclosure pattern.