Gmail Secretary
v1.0.27
Gmail triage assistant using Haiku LLM for classification, label application, and draft replies (uses gog CLI; never auto-sends).
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The scripts implement exactly what the description says (fetch inbox, build voice reference from Sent, classify with an LLM agent, create drafts, and apply labels). However the registry metadata claims no required binaries or env vars while the scripts clearly require node and the 'gog' CLI (invoked at /home/linuxbrew/.linuxbrew/bin/gog) and use GOG_ACCOUNT/GOG_KEYRING_PASSWORD. The omission of these runtime requirements is an incoherence.
Instruction Scope
Instructions and scripts operate only on the user's Gmail via the gog CLI and local cache files (no external network endpoints other than what gog uses). They read Sent mail to build a voice profile and redact some PII, create draft text and triage summaries, and apply labels. This is within the stated purpose, but the skill will access and process personal email content (including Sent messages) and write files under /home/delta/.openclaw/workspace — the hard-coded paths are environment-specific and potentially surprising.
Install Mechanism
There is no download/install spec (instruction-only + bundled scripts). That avoids remote code fetching, which is lower risk. The scripts will be present on disk as part of the skill package; they invoke existing local binaries rather than installing new ones.
Credentials
The skill requests no env vars in metadata, but the scripts rely on GOG_ACCOUNT and GOG_KEYRING_PASSWORD (with defaults). It also implicitly needs the user's gog-authenticated Gmail credentials via the gog CLI. Requesting access to a mailbox is proportional to a Gmail triage assistant, but the missing/undocumented credential requirements and a hardcoded keyring-password default ('openclaw') are mismatches and could lead to accidental credential exposure or misconfiguration.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It can, however, modify the user's Gmail labels (apply-labels.sh) which is a meaningful capability. Autonomous invocation is allowed by default (disable-model-invocation is false) — combined with Gmail access this increases impact, but autonomous invocation alone is expected for many skills.
What to consider before installing
This skill appears to implement a real Gmail triage workflow, but there are a few red flags you should address before installing or running it:
- Verify required binaries and paths: the scripts call /home/linuxbrew/.linuxbrew/bin/gog and node, but the skill metadata lists no required binaries. Ensure 'gog' and Node.js are installed at those paths or edit the scripts to point to the correct locations.
- Confirm credentials usage: the scripts rely on GOG_ACCOUNT and GOG_KEYRING_PASSWORD (defaults exist). The package metadata should declare these; otherwise you may be surprised when the skill accesses your Gmail via the local gog credential store. Do not set a real password to the weak default value; prefer explicit, documented configuration.
- Review data access and outputs: the skill reads inbox and Sent messages to build a voice reference and will write drafts and triage files under /home/delta/.openclaw/workspace/cache. Inspect those generated files (gmail-drafts.md, gmail-triage.md, gmail-inbox-summaries.json, gmail-triage-labels.json) before letting the agent act on them. The voice reference samples include personal context (name, school); confirm you are comfortable with that processing and local storage.
- Test manually first: run the scripts yourself in a controlled environment or on a throwaway/secondary Gmail account to verify behavior (that it only creates drafts and applies labels) before granting the agent autonomous access.
- Consider limiting autonomy: if you don't want the agent to alter your mailbox without oversight, disable autonomous invocation for this skill or require manual invocation for apply-labels.sh.
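The checks from the list above as a shell pre-flight, added here as an example (it is not part of the skill or of the scan output). GOG_BIN, NODE_BIN and CACHE_DIR are override variables introduced for illustration; their defaults are the paths quoted in the report.

```shell
#!/usr/bin/env bash
# Added example: pre-flight checks for the gaps the scan report lists.
# GOG_BIN, NODE_BIN and CACHE_DIR are override variables introduced here
# (assumptions); defaults are the paths the report says the scripts hard-code.
GOG_BIN="${GOG_BIN:-/home/linuxbrew/.linuxbrew/bin/gog}"
NODE_BIN="${NODE_BIN:-node}"
CACHE_DIR="${CACHE_DIR:-/home/delta/.openclaw/workspace/cache}"
WEAK_DEFAULT="openclaw"   # keyring-password default flagged in the report

# Undeclared binaries: both must resolve before any script runs.
check_tools() {
  local rc=0
  [ -x "$GOG_BIN" ] || { echo "FAIL: gog not executable at $GOG_BIN"; rc=1; }
  command -v "$NODE_BIN" >/dev/null 2>&1 || { echo "FAIL: $NODE_BIN not found"; rc=1; }
  return "$rc"
}

# Undeclared env vars: require explicit values so no script default applies.
check_credentials() {
  local rc=0
  [ -n "${GOG_ACCOUNT:-}" ] || { echo "FAIL: GOG_ACCOUNT is unset"; rc=1; }
  if [ -z "${GOG_KEYRING_PASSWORD:-}" ]; then
    echo "FAIL: GOG_KEYRING_PASSWORD is unset (script default would apply)"; rc=1
  elif [ "$GOG_KEYRING_PASSWORD" = "$WEAK_DEFAULT" ]; then
    echo "FAIL: GOG_KEYRING_PASSWORD equals the published default"; rc=1
  fi
  return "$rc"
}

# The cache holds email-derived files; group/other should have no access.
check_cache_dir() {
  [ -d "$CACHE_DIR" ] || return 0            # nothing written yet
  local bits
  bits=$(ls -ld "$CACHE_DIR" | cut -c5-10)   # group + other permission bits
  [ "$bits" = "------" ] || { echo "FAIL: $CACHE_DIR is accessible to group/other ($bits)"; return 1; }
}

# Run every check so all problems are reported in one pass.
preflight() {
  local failed=0
  check_tools       || failed=1
  check_credentials || failed=1
  check_cache_dir   || failed=1
  return "$failed"
}

if [ "${1:-}" = "--run" ]; then preflight && echo "OK: pre-flight passed"; fi
```

Run it with `--run` before the first manual test of the skill's scripts; each FAIL line maps to one of the bullets above.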
If the author updates the skill metadata to declare required binaries (gog, node), required env vars (GOG_ACCOUNT, GOG_KEYRING_PASSWORD), and avoids hard-coded absolute paths (or documents them), the incoherences would be resolved and my assessment could be upgraded to benign.
scripts/apply-labels.sh:23
Shell command execution detected (child_process).
scripts/build-voice-reference.sh:33
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
latest
Gmail Secretary (Alan)
Safety rules (non-negotiable)
- Never send email automatically. Only create drafts + summaries.
- Prefer labels over moving/deleting.
- Keep the voice reference style-focused (patterns + a few short redacted snippets), not a full archive.
Labels (user-friendly)
Use/create these labels:
- Urgent
- Needs Reply
- Waiting On
- Read Later
- Receipt / Billing
- School
- Clubs
- Mayo
- Admin / Accounts
Classification: Agent-based (Haiku)
Classification uses a Haiku LLM agent (via sessions_spawn) instead of regex.
- scripts/triage-and-draft.sh fetches inbox → writes summaries to cache/gmail-inbox-summaries.json
- Agent reads summaries, classifies each email, writes results to cache/gmail-triage-labels.json
- scripts/apply-labels.sh reads classification results and applies Gmail labels via gog
Agent classification prompt context:
- Student at Stanton College Prep (IB/AP classes)
- Clubs: FBLA, Science Fair, Medical Society, Psi Alpha, NHS
- Project: Mayo Clinic cancer cell simulation
- Companies (Apple, Google, Amazon, etc.) are NOT "School"
- Newsletters/promos → Read Later
- Account security/password/verification → Admin / Accounts
Files
- Voice reference (auto-maintained): references/voice.md
- Draft queue (generated): /home/delta/.openclaw/workspace/cache/gmail-drafts.md
- Triage digest (generated): /home/delta/.openclaw/workspace/cache/gmail-triage.md
- Inbox summaries (intermediate): /home/delta/.openclaw/workspace/cache/gmail-inbox-summaries.json
- Classification results: /home/delta/.openclaw/workspace/cache/gmail-triage-labels.json
Scripts
- Build/refresh voice reference from Sent mail: scripts/build-voice-reference.sh (samples last 50 sent messages)
- Fetch inbox + extract summaries: scripts/triage-and-draft.sh
- Apply labels from classification: scripts/apply-labels.sh
Workflow
- Run triage-and-draft.sh — fetches inbox, extracts summaries
- Agent (Haiku) classifies emails from gmail-inbox-summaries.json
- Agent writes results to gmail-triage-labels.json
- Run apply-labels.sh — applies labels to Gmail threads
- Agent writes triage digest to cache/gmail-triage.md for nudges