Google Workspace Automation
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the generated scopes are used as-is, an automation may receive broad access to Gmail, Drive, Sheets, Calendar, or Docs data.
The planner maps selected services to broad OAuth scopes. It does not use credentials itself, but a user implementing the generated plan could grant wider Google Workspace access than necessary for a specific action.
"drive": "https://www.googleapis.com/auth/drive", "sheets": "https://www.googleapis.com/auth/spreadsheets", "calendar": "https://www.googleapis.com/auth/calendar"
Before implementing a generated plan, compare each suggested scope against Google's narrower scopes and grant only the minimum needed for the exact actions.