Security audit

Google Contacts

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Contacts connector, but users should be careful because it can read, change, and permanently delete contacts.

Install only if you want an agent connected to your Google Contacts through AgentPMT. Require explicit user direction before listing, exporting, updating, creating, or deleting contacts, and confirm any delete because the artifact says deletion is permanent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 86%
Finding
The activation keywords are overly broad and include generic phrases like 'contact' and common business tasks, which can cause unintended skill invocation from ordinary conversation. In this skill's context, accidental activation is risky because the tool can read, create, update, and permanently delete Google Contacts, potentially causing privacy exposure or destructive actions without clear user intent.

Missing User Warnings

Medium
Confidence: 91%
Finding
The schema documents actions that create, retrieve, search, update, and delete personal contact records, including names, emails, phone numbers, addresses, and notes, but it does not warn that these operations transmit sensitive personal data to Google services or require appropriate user consent and data-handling safeguards. In an agent setting, this omission increases the risk of silent collection, disclosure, or modification of third-party PII because downstream developers may treat the connector as routine utility functionality rather than a privacy-sensitive integration.

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.