Security Decision Report

jef1test

Legitimate API gateway proxy with significant privacy implications due to MITM architecture routing all third-party service data through maton.ai infrastructure.

Install decision: Priority · Source: manual upload · Scan time: 2026/4/4
Files: 1
IOCs: 26
Privilege violations: 0
Findings: 3

Why this conclusion was reached

0/4 dimensions triggered
Pass
Declared vs. actual capabilities

Declared resources and inferred capabilities are largely consistent.

Review
Hidden execution and outbound connections

26 general-risk artifacts were extracted; they must be judged in context.

Pass
Attack chain and high-risk findings

No clear malicious path was formed.

Review
Dependencies and supply-chain hygiene

No complete dependency information; the supply-chain judgment must remain tentative.

How the risk score was raised

MITM architecture +20

All API calls pass through gateway.maton.ai, enabling service provider visibility into all data

Third-party OAuth aggregation +15

Unified access to 100+ services through a single credential - a high-value target

Credential dependency +10

MATON_API_KEY required and sent to maton.ai infrastructure

Key evidence

Medium · Data exfiltration

All API data routed through third-party proxy

The gateway architecture routes all API calls through gateway.maton.ai, enabling maton.ai to observe, log, and potentially store all request/response data for connected third-party services.

SKILL.md:1
Users should verify maton.ai's data handling policies and ensure this MITM architecture is acceptable for their use case, especially for sensitive services like email, CRM, or financial APIs.
Medium · Sensitive access

Unified OAuth token aggregation

A single MATON_API_KEY provides access to manage OAuth connections for 100+ services. If compromised, an attacker gains the ability to initiate OAuth flows or access all connected services.

SKILL.md:1
Consider using separate credentials per service category to limit blast radius. Monitor for unauthorized connection creation.
Low · Documentation deception

Security claims may be understated

SKILL.md states 'MATON_API_KEY authenticates with Maton.ai but grants NO access to third-party services by itself' - while technically true, the key enables gateway access, which can leverage the user's authorized OAuth tokens for all connected services.

SKILL.md:5
Clarify that while the API key alone doesn't grant service access, it enables the gateway, which uses the user's existing OAuth connections.

Declared capabilities vs. actual capabilities

Network access: Pass
Declared: READ
Inferred: READ
SKILL.md declares network access for API calls to gateway.maton.ai and ctrl.maton.ai
Environment variables: Pass
Declared: READ
Inferred: READ
SKILL.md line 13: Requires MATON_API_KEY environment variable
File system: Pass
Declared: NONE
Inferred: NONE
No file operations declared or present
Command execution: Pass
Declared: NONE
Inferred: NONE
No shell execution in documentation or examples

Suspicious artifacts and outbound connections

Medium · External URL
https://maton.ai

SKILL.md:6

Medium · External URL
https://gateway.maton.ai/slack/api/chat.postMessage

SKILL.md:30

Medium · External URL
https://gateway.maton.ai/

SKILL.md:41

Medium · External URL
https://maton.ai/settings

SKILL.md:67

Medium · External URL
https://ctrl.maton.ai

SKILL.md:72

Medium · External URL
https://ctrl.maton.ai/connections?app=slack&status=ACTIVE

SKILL.md:79

Medium · External URL
https://connect.maton.ai/?session_token=5e9...

SKILL.md:98

Medium · External URL
https://ctrl.maton.ai/connections

SKILL.md:113

Medium · External URL
https://ctrl.maton.ai/connections/

SKILL.md:129

Medium · External URL
https://slack.com/api/chat.postMessage

SKILL.md:466

Medium · External URL
https://api.hubapi.com/crm/v3/objects/contacts

SKILL.md:480

Medium · External URL
https://gateway.maton.ai/hubspot/crm/v3/objects/contacts

SKILL.md:484

Dependencies and supply chain

No structured dependency alerts.

File composition

1 file · 662 lines
Markdown: 1 file · 662 lines
Files of concern · 1
SKILL.md Markdown · 662 lines
All API data routed through third-party proxy · Unified OAuth token aggregation · Security claims may be understated · https://maton.ai · https://gateway.maton.ai/slack/api/chat.postMessage · https://gateway.maton.ai/ · https://maton.ai/settings · https://ctrl.maton.ai · https://ctrl.maton.ai/connections?app=slack&status=ACTIVE · https://connect.maton.ai/?session_token=5e9... · https://ctrl.maton.ai/connections · https://ctrl.maton.ai/connections/ · https://slack.com/api/chat.postMessage · https://api.hubapi.com/crm/v3/objects/contacts · https://gateway.maton.ai/hubspot/crm/v3/objects/contacts · https://gateway.maton.ai/google-sheets/v4/spreadsheets/122BS1sFN2RKL8AOUQjkLdubzOwgqzPT64KfZ2rvYI4M/values/Sheet1!A1:B2 · https://gateway.maton.ai/salesforce/services/data/v64.0/query?q=SELECT+Id · https://api.airtable.com/v0/meta/bases/ · https://gateway.maton.ai/airtable/v0/meta/bases/appgqan2NzWGP5sBK/tables · https://api.notion.com/v1/data_sources/ · https://gateway.maton.ai/notion/v1/data_sources/23702dc5-9a3b-8001-9e1c-000b5af0a980/query · https://api.stripe.com/v1/customers · https://gateway.maton.ai/stripe/v1/customers?limit=10 · https://gateway.maton.ai/google-mail/gmail/v1/users/me/messages · https://gateway.maton.ai/gmail/v1/users/me/messages · https://ctrl.maton.ai/connections?app=google-mail&status=ACTIVE · https://www.maton.ai/docs/api-reference · https://discord.com/invite/dBfFAcefs2 · [email protected]

Security highlights

No direct code execution or shell commands
No credential harvesting beyond declared MATON_API_KEY requirement
Documentation accurately describes the passthrough architecture
No base64 encoding, obfuscation, or anti-analysis techniques
No access to sensitive local paths (~/.ssh, ~/.aws, .env)
No remote script execution (curl|bash, wget|sh)
No hidden functionality - all capabilities declared in SKILL.md