ClawHub
Back to skill

Security audit

Google Docs Connector

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Docs connector, but users should be careful because it can export documents and change sharing permissions, including public access.

Install only if you intend to let the agent work with Google Docs through AgentPMT. Before exporting sensitive documents or using domain/anyone sharing, confirm the exact document, recipients, role, and whether public access is acceptable; use get_permissions first when changing access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill exposes document sharing operations, including domain-wide and `anyone` public access, but only gives a terse functional note rather than a clear privacy and data-exposure warning. In an agent context, this can lead to accidental oversharing of sensitive documents if an agent follows task instructions literally without prompting for user confirmation on risky permission changes.

Missing User Warnings

Low
Confidence
83% confidence
Finding
The export feature allows conversion of documents into portable formats such as PDF, DOCX, HTML, and base64-encoded binaries, but the skill does not clearly warn that exported content can be copied, stored, or redistributed outside Google Docs access controls. This increases the chance that agents export sensitive material into less controlled channels without user awareness.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill exposes a `share_document` action that can change Google Docs permissions, including `domain` and `anyone` sharing, but the schema provides no explicit warning that this operation can expose sensitive document contents to unintended parties. In an agent setting, this is dangerous because permission-changing actions are high-risk and can be triggered from ambiguous user requests, causing inadvertent data disclosure rather than a mere formatting or document-editing change.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal