Gmail Label Routing
PassAudited by ClawScan on May 10, 2026.
Overview
This skill is a purpose-aligned Gmail automation, but it can change Gmail filters/messages and uses local OAuth credentials.
Install only if you are comfortable letting this skill manage Gmail labels, filters, and matching messages. Confirm the senders and whether mail should leave Inbox, try --dry-run first, and inspect the full local script/credential setup before use.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If run with the wrong sender or label, existing and future emails could be labeled or archived unexpectedly.
The workflow can batch-modify existing Gmail messages and defaults to removing matching messages from Inbox unless the user chooses --keep-inbox.
inbox_group.add_argument("--remove-inbox", dest="remove_inbox", action="store_true", default=True) ... "messages", "batchModify"Confirm the exact senders, label, and Inbox behavior before running; use --dry-run first for uncertain requests.
The skill operates with the Gmail account authority available in the selected local OAuth credential file.
The script reads local OAuth credentials containing a refresh token and uses them to obtain Gmail API access.
DEFAULT_CREDENTIAL_CANDIDATES = ["/root/.config/gws/credentials.new.json", "/root/.config/gws/credentials.json"] ... "refresh_token"
Use only the intended Gmail credential file, avoid over-scoped tokens where possible, and do not provide unrelated account credentials.
A user may not realize from the metadata alone that the skill needs local Gmail tooling and credential files.
The registry metadata does not declare the local gws dependency or OAuth credential files that the included workflow relies on.
Required binaries (all must exist): none ... Primary credential: none ... Required config paths: none
Document the gws dependency and expected OAuth credential path before installation or use.