Daily Email Summary

Review

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it claims—read recent unread Gmail messages for summaries—but it requires read-only Gmail OAuth access and passes email content into the agent/model context.

This skill is coherent and appears benign, but it handles sensitive Gmail data. Before installing, verify the publisher/source, authorize only read-only Gmail access, keep the credentials and token files protected, and remember that summarized email content may be processed by the agent/model.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and authorizing this skill lets it read unread Gmail messages for the signed-in account.

Why it was flagged

The script uses a local OAuth credentials file to access the user's Gmail account. The scope is read-only and matches the stated purpose, but it is still delegated account access to sensitive email data.

Skill content

SCOPES = ['https://www.googleapis.com/auth/gmail.readonly'] ... credentials_path = os.getenv('GMAIL_CREDENTIALS_PATH')

Recommendation

Authorize it only for an account you want summarized, keep the credentials file secure, and review the Google OAuth consent screen to confirm read-only Gmail access.

What this means

Sensitive email content may be placed into the agent/model context, and malicious email text could try to influence the agent's behavior if not handled carefully.

Why it was flagged

The helper outputs email body text and snippets for the agent to summarize. Email bodies can contain private information and untrusted sender-controlled text that should not be treated as agent instructions.

Skill content

emails.append({ ... "body": body, "snippet": message.get('snippet', '') })

Recommendation

Use the skill only when you are comfortable having email contents summarized by the agent, and instruct the agent to ignore any commands or instructions contained inside emails.

What this means

Users may not be able to verify the publisher or upstream repository from the listed metadata alone.

Why it was flagged

The registry source is unknown and the homepage uses a placeholder-style repository path, which weakens provenance even though the provided source code is understandable.

Skill content

Source: unknown; Homepage: https://github.com/yourusername/email-summary-skill

Recommendation

Verify the skill's actual source and publisher before installing, especially because it requests Gmail OAuth access.