Google Tasks
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: google-tasks Version: 1.0.0 The OpenClaw AgentSkills skill bundle for Google Tasks is classified as benign. All scripts (bash, Node.js, Python) transparently interact with legitimate Google Tasks and OAuth API endpoints (tasks.googleapis.com, oauth2.googleapis.com) to manage tasks and handle authentication. Sensitive files like `token.json` and `credentials.json` are handled locally and explicitly git-ignored, as confirmed by `CLAWHUB_CHECKLIST.md`. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution beyond the stated purpose, persistence mechanisms, or prompt injection attempts against the agent in `SKILL.md` or `README.md`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone or any agent process using the stored token can view and modify the user's Google Tasks within the granted scope.
The skill requires a Google OAuth token with read/write Google Tasks access, which is necessary for the advertised create/delete functionality but grants real account authority.
Valid `token.json` with OAuth access token ... **Scopes required:** `https://www.googleapis.com/auth/tasks` (read + write)
Use a Google OAuth client you control, grant only the documented Tasks scope, and protect or remove token.json when no longer needed.
A mistaken invocation or ambiguous task number/title could delete a task from the user's Google account.
The delete script performs a real Google Tasks DELETE request once invoked; the behavior is disclosed but has no extra confirmation prompt in the script.
curl -s -X DELETE ... tasks.googleapis.com/tasks/v1/lists/$LIST_ID/tasks/$TASK_ID
List tasks first and confirm the exact list and task identifier before asking the agent to delete anything.
Running the helper can execute the system browser-opening command on the local machine.
The Node helper shells out to the OS browser opener for OAuth authentication. This matches the setup purpose, but it is still local command execution.
exec(`${start} "${authUrl}"`);Run the authentication helper only from the reviewed skill directory and only when you intend to authenticate.
Install-time prompts may not fully warn about the tools, packages, and credentials needed to use the skill.
The registry metadata under-declares requirements that the skill documentation and scripts rely on, including curl, jq, OAuth credentials, and Node/Python auth dependencies.
Required binaries (all must exist): none ... Primary credential: none ... No install spec — this is an instruction-only skill.
Review SKILL.md, README.md, package.json, and the auth scripts before installing dependencies or providing credentials.