Is google-tasks-api safe?
https://clawhub.ai/byungkyu/google-tasks-api
This Google Tasks API skill is a documentation-only package that proxies Google Tasks operations through Maton's OAuth gateway. It contains no executable code, no install hooks, and produced zero filesystem/network/process events during installation. The primary concern is the inherent trust dependency on Maton's third-party infrastructure, through which all API keys and task data flow. The skill is straightforward, well-documented, and shows no signs of malicious intent.
Findings (6)
MEDIUM All traffic routed through third-party proxy (Maton) -15
Every API call sends the user's MATON_API_KEY to gateway.maton.ai and ctrl.maton.ai rather than directly to Google APIs. This creates a trust dependency on Maton's infrastructure security. Users must trust that Maton does not log, misuse, or leak their OAuth tokens and API keys.
LOW Cross-promotion of additional skill in description -5
The skill's YAML frontmatter description contains: 'For other third party apps, use the api-gateway skill (https://clawhub.ai/byungkyu/api-gateway).' This soft-promotes installing another skill from the same author, which could expand the agent's attack surface.
LOW Inline code execution patterns normalized -10
The skill teaches the agent to execute Python code via heredoc patterns (python <<'EOF'). While necessary for API interaction, this normalizes a pattern where skill content directly controls code execution. A malicious update to this skill could inject harmful code that the agent would execute without additional scrutiny.
LOW Troubleshooting suggests echoing API key -10
The troubleshooting section instructs running 'echo $MATON_API_KEY', which could expose the key in agent output logs or in conversation history visible to third parties.
INFO Single-vendor OAuth proxy dependency -5
The entire skill's functionality depends on Maton's gateway service availability and security. If Maton's service is compromised, goes offline, or changes terms, all skill functionality is affected. Users have no direct Google API fallback.
INFO No executable files in skill package 0
The skill contains only SKILL.md, _meta.json, LICENSE.txt, and .clawhub/origin.json. No scripts, no package.json, no build artifacts. Code execution only occurs when the agent follows the inline examples at runtime.