ClawHub

Google Service Accounts

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Google service-account guide with runnable examples, but users should be careful because the examples can modify shared Google files.

Install only if you are comfortable giving an agent access to Google files or calendars you explicitly share with the service account. Use a dedicated test file first, grant Viewer/read-only access unless writes are needed, avoid running the write examples on production documents without checking the target, and keep credentials.json or CREDS_JSON private.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The Sheets example performs an immediate write to a remote spreadsheet using service-account credentials, replacing cell contents without any interactive confirmation, dry-run mode, or explicit safety guard. In the context of a headless automation skill that operates on user Google resources, this increases the chance of accidental modification of live data if the wrong spreadsheet is opened or the example is run verbatim against production content.

Unpinned Dependencies

Low
Category
Supply Chain
Content
gspread
google-api-python-client
google-auth
google-auth-oauthlib
Confidence
94% confidence
Finding
gspread

Unpinned Dependencies

Low
Category
Supply Chain
Content
gspread
google-api-python-client
google-auth
google-auth-oauthlib
Confidence
96% confidence
Finding
google-api-python-client

Unpinned Dependencies

Low
Category
Supply Chain
Content
gspread
google-api-python-client
google-auth
google-auth-oauthlib
Confidence
95% confidence
Finding
google-auth

Unpinned Dependencies

Low
Category
Supply Chain
Content
gspread
google-api-python-client
google-auth
google-auth-oauthlib
Confidence
93% confidence
Finding
google-auth-oauthlib

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal