Safety Report

Microsoft OneDrive

Name: Microsoft OneDrive
Rating: 5 (7 reviews)
Author: byungkyu

OneDrive API integration with managed OAuth via Microsoft Graph. Manage files, folders, and sharing. Use this skill when users want to upload, download, orga...

5,392Downloads

10Installs

7Stars

4Versions

API Integration4,971 File Management2,100 Cloud Storage1,005

Security Analysis

medium confidence

Clean0.04 risk

The skill is internally consistent: it proxies OneDrive/Microsoft Graph calls through a third‑party gateway (Maton) and only asks for a single MATON_API_KEY, but using it requires trusting Maton with your OneDrive access—verify that trust before installing.

Feb 19, 20262 files1 concern

Purpose & Capabilityok

Name/description match the instructions: all examples call a Maton gateway that proxies Microsoft Graph. The required env var (MATON_API_KEY) is consistent with a managed-OAuth gateway service.

Instruction Scopeok

SKILL.md only instructs network calls to gateway.maton.ai / ctrl.maton.ai / connect.maton.ai and using the MATON_API_KEY; it does not ask the agent to read unrelated files, system paths, or other credentials.

Install Mechanismok

Instruction-only skill with no install spec and no code files — nothing is written to disk by an installer. This is the lowest install risk.

Credentialsnote

The skill requests a single env var (MATON_API_KEY), which is proportionate to the described gateway usage. However, that key likely grants broad access to OneDrive via Maton, so the key is highly sensitive and requires trust in the Maton service.

Persistence & Privilegeok

Skill is not always-enabled and has no special persistence or system-wide config changes. It does not request elevated platform privileges.

Guidance

This skill appears to do what it says: it routes OneDrive/Graph calls through a third‑party gateway (Maton) and uses a MATON_API_KEY. Before installing, confirm you trust Maton (maton.ai) to hold and use OAuth tokens for your OneDrive accounts: check Maton’s website, privacy/security documentation, and whether the API key can be scoped or revoked. Treat the MATON_API_KEY like a full-access credential: do not reuse it elsewhere, create a dedicated key/account if possible, monitor activity and connections listed at ctrl.maton.ai, and revoke the key immediately if you see unexpected access. Note the skill listing has no homepage and the registry owner identity is unclear—if you need higher assurance, ask the publisher for provenance or prefer an official Microsoft Graph integration instead.

Latest Release

v1.0.3

Version 1.0.3 of the OneDrive skill - No file changes were detected in this release. - All features and documentation remain unchanged from the previous version.

More by @byungkyu

API Gateway

180 stars

Microsoft Excel

30 stars

Fathom

11 stars

Todoist

11 stars

Jira

6 stars

Monday.com

5 stars

Published by @byungkyu on ClawHub