Gmail 1.0.6
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: gmail-1-0-6
Version: 1.0.0
The OpenClaw skill bundle for Gmail API integration appears benign. All code examples and instructions in `SKILL.md` are consistent with the stated purpose of interacting with the Gmail API via the `maton.ai` gateway. It properly uses `MATON_API_KEY` from environment variables and makes network requests only to `maton.ai` domains. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, prompt injection attempts against the agent, or obfuscation. The `LICENSE.txt` is a standard MIT license.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If an agent uses this skill too broadly, it could send messages or alter a mailbox in ways the user did not intend.
The documented endpoints let an agent send email, trash messages, and send drafts. These are high-impact Gmail account actions, and the artifacts do not include explicit user-confirmation or containment guidance.
POST /google-mail/gmail/v1/users/me/messages/send ... POST /google-mail/gmail/v1/users/me/messages/{messageId}/trash ... POST /google-mail/gmail/v1/users/me/drafts/send
Require explicit user approval before sending, trashing, deleting, or changing mailbox state; prefer draft creation or read-only/metadata operations unless the user clearly requests a write action.
A user or agent might copy the fixed connection ID and try to use the wrong Gmail connection; it also exposes an account-resource identifier that should not be in a public template.
The skill includes a concrete connection identifier in both a sample response and a request header example, rather than using a placeholder.
"connection_id": "21fd90f9-5935-43cd-b6c8-bde9d915ca80" ... req.add_header('Maton-Connection', '21fd90f9-5935-43cd-b6c8-bde9d915ca80')
Replace the hard-coded UUID with a placeholder such as {connection_id}, and document that users should list and select only their own active connection.
Email contents, metadata, and mailbox actions may pass through a third-party gateway before reaching Gmail.
Gmail API traffic and delegated OAuth use are routed through Maton’s gateway, which is expected for this skill but important for users to understand.
The gateway proxies requests to `gmail.googleapis.com` and automatically injects your OAuth token.
Use this only if you trust Maton with Gmail API proxying, and connect only the Google account intended for agent access.
Users have less independent context for verifying who maintains the skill and whether the Maton endpoints are the intended provider.
The registry provides no source repository or homepage, which limits provenance verification for a credential- and email-account integration.
Source: unknown; Homepage: none
Verify the publisher and Maton service relationship before providing MATON_API_KEY or authorizing Gmail OAuth access.
