Gmail Cleaner
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is mostly consistent with its stated Gmail cleanup purpose, but it holds high-impact Gmail deletion authority, including a default deep-clean path that permanently purges trash without an interactive confirmation.
Only install or run this if you are comfortable granting broad Gmail access. Run scan and dry-run modes first, avoid the default deep-clean purge unless you truly want permanent deletion, keep token .pkl files private, and consider revoking the OAuth token after cleanup.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the advertised deep-clean command permanently deletes Gmail messages already in trash; Gmail's batchDelete is immediate and cannot be undone.
The default deep-clean path purges up to --max messages that have been in trash for at least a day (query in:trash older_than:1d) with Gmail batchDelete unless the user passes --skip-trash-purge; a dry-run mode is available but is not the default.
parser.add_argument('--skip-trash-purge', action='store_true', help='Skip step 4 (purge existing trash)') ... if not args.skip_trash_purge: ... ids = get_ids("in:trash older_than:1d", args.max) ... batch_op(ids, 'delete', 'Trash purge')
Make permanent deletion opt-in, require an explicit confirmation after showing the matched count, and recommend --dry-run before any real mailbox mutation.
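The following is an added example of the recommended gating, not code from the Gmail Cleaner skill. It inverts the flag (an opt-in --purge-trash instead of an opt-out --skip-trash-purge), reports the count in dry-run, and demands a typed phrase before calling the delete path. The two callables list_ids and batch_delete are assumed stand-ins for the skill's get_ids() and batch_op(); the mailbox contents and the confirmation phrase are constructed for the demo.

```python
"""Opt-in, count-then-confirm gate for the destructive trash-purge step.

Added example, not the Gmail Cleaner skill's own code. It assumes two
injectable callables standing in for the skill's get_ids()/batch_op():
  list_ids(query, limit) -> sequence of message ids
  batch_delete(ids)      -> number of ids deleted
so the gating logic runs offline against constructed data.
"""
import argparse
from typing import Callable, Dict, Sequence

TRASH_QUERY = "in:trash older_than:1d"  # the query the finding quotes
CONFIRM_PHRASE = "DELETE"  # hypothetical; a bare Enter or "y" must not confirm


def purge_trash(
    list_ids: Callable[[str, int], Sequence[str]],
    batch_delete: Callable[[Sequence[str]], int],
    *,
    opt_in: bool,
    dry_run: bool,
    max_ids: int,
    ask: Callable[[str], str] = input,
) -> Dict[str, object]:
    """Return a summary; the mailbox is mutated only if every gate passes.

    Gates, in order: (1) --purge-trash was passed, so skipping is the default;
    (2) --dry-run reports the count and stops; (3) the user types CONFIRM_PHRASE
    after seeing how many messages would be lost.
    """
    if not opt_in:
        return {"action": "skipped", "matched": 0, "deleted": 0}
    ids = list(list_ids(TRASH_QUERY, max_ids))
    if not ids:
        return {"action": "nothing-to-do", "matched": 0, "deleted": 0}
    if dry_run:
        return {"action": "dry-run", "matched": len(ids), "deleted": 0}
    prompt = (f"{len(ids)} messages matching {TRASH_QUERY!r} will be PERMANENTLY deleted; "
              f"Gmail batchDelete cannot be undone. Type {CONFIRM_PHRASE} to continue: ")
    if ask(prompt).strip() != CONFIRM_PHRASE:
        return {"action": "aborted", "matched": len(ids), "deleted": 0}
    return {"action": "purged", "matched": len(ids), "deleted": batch_delete(ids)}


def build_parser() -> argparse.ArgumentParser:
    """The destructive step is opt-in (--purge-trash) instead of opt-out (--skip-trash-purge)."""
    p = argparse.ArgumentParser(description="deep-clean with a safe default")
    p.add_argument("--purge-trash", action="store_true",
                   help="Step 4: permanently delete messages already in trash (off by default)")
    p.add_argument("--dry-run", action="store_true", help="show counts, mutate nothing")
    p.add_argument("--max", type=int, default=500)
    return p


# Constructed stand-in for the mailbox: message id -> days spent in trash.
FAKE_TRASH = {"m1": 3, "m2": 2, "m3": 0}


def fake_list_ids(query: str, limit: int) -> Sequence[str]:
    # Honours only the older_than:1d part of the query; enough for the demo.
    return [mid for mid, days in FAKE_TRASH.items() if days >= 1][:limit]


def fake_batch_delete(ids: Sequence[str]) -> int:
    for mid in ids:
        FAKE_TRASH.pop(mid)
    return len(ids)


if __name__ == "__main__":
    args = build_parser().parse_args()
    print(purge_trash(fake_list_ids, fake_batch_delete, opt_in=args.purge_trash,
                      dry_run=args.dry_run, max_ids=args.max))
```

Run it with no flags and nothing happens; with --purge-trash --dry-run it prints the count and still deletes nothing; only --purge-trash plus the typed phrase reaches batch_delete, and --max caps how many ids a single run can destroy.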
If the agent is pointed at a malicious .pkl token file, code could run on the user's machine under the user's account.
The scripts load a user-specified token path with pickle; pickle.load runs any code embedded in the file, so a crafted token file executes with the user's privileges the moment it is opened, before any credential check can happen.
parser.add_argument('--token', default=DEFAULT_TOKEN) ... with open(args.token, 'rb') as f: creds = pickle.load(f)
Use a safer token storage format such as JSON or a Google credential cache mechanism, and only load token files generated by this skill from a trusted local directory.
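The following added example (not the skill's code) shows the failure mode and a replacement loader side by side: a token file with a __reduce__ gadget runs code under pickle.load, an Unpickler that refuses to resolve any global stops it, and a JSON token file cannot carry code at all. The JSON field names mirror what google-auth writes, but the dict layout, the environment-variable marker and the file paths are assumptions for the demo; the real skill pickles a Credentials object.

```python
"""Why pickle.load on a token path is dangerous, and a loader that is not.

Added example, not the skill's code. The token layout (a dict of string
fields) is an assumption; the real skill pickles a google-auth Credentials
object. The malicious payload only sets an environment variable to prove
that code ran.
"""
import io
import json
import os
import pickle
import stat
import tempfile

MARKER = "GMAIL_CLEANER_PICKLE_DEMO"  # constructed marker, not a real variable


class _Payload:
    """Any object with a __reduce__ hook becomes a code-execution gadget on load."""

    def __reduce__(self):
        # exec is a plain builtin, so pickle stores a reference to it by name;
        # a real attacker would call os.system or fetch a second stage here.
        return (exec, (f"import os; os.environ[{MARKER!r}] = 'ran'",))


def build_malicious_token() -> bytes:
    """What an attacker would drop at the path passed to --token."""
    return pickle.dumps(_Payload())


def unsafe_load(data: bytes):
    """Mirrors the skill: creds = pickle.load(f). The payload runs before any check."""
    return pickle.loads(data)


class _NoGlobalsUnpickler(pickle.Unpickler):
    """Refuses every class/function reference, so REDUCE gadgets cannot resolve."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to resolve {module}.{name} from token file")


def restricted_load(data: bytes):
    return _NoGlobalsUnpickler(io.BytesIO(data)).load()


REQUIRED_FIELDS = {"token", "refresh_token", "token_uri", "client_id", "client_secret", "scopes"}


def save_token_json(creds: dict, path: str) -> None:
    """Plain data, owner read/write only; google-auth's Credentials.to_json() is this shape."""
    with open(path, "w", encoding="utf-8") as f:
        json.dump(creds, f)
    os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


def load_token_json(path: str) -> dict:
    """json.load cannot execute code; validate the shape so a wrong file fails loudly."""
    with open(path, "r", encoding="utf-8") as f:
        creds = json.load(f)
    if not isinstance(creds, dict):
        raise ValueError("token file is not a JSON object")
    missing = REQUIRED_FIELDS - set(creds)
    if missing:
        raise ValueError(f"token file missing fields: {sorted(missing)}")
    if not isinstance(creds["scopes"], list):
        raise ValueError("scopes must be a list")
    return creds


def demo() -> dict:
    """Constructed end-to-end run; returns what each loader did."""
    results = {}
    payload = build_malicious_token()
    os.environ.pop(MARKER, None)
    unsafe_load(payload)
    results["pickle_ran_code"] = os.environ.get(MARKER) == "ran"
    try:
        restricted_load(payload)
        results["restricted_blocked"] = False
    except pickle.UnpicklingError:
        results["restricted_blocked"] = True
    with tempfile.TemporaryDirectory() as d:
        p = os.path.join(d, "token.json")
        save_token_json({"token": "ya29.constructed", "refresh_token": "1//constructed",
                         "token_uri": "https://oauth2.googleapis.com/token",
                         "client_id": "x.apps.googleusercontent.com", "client_secret": "s",
                         "scopes": ["https://www.googleapis.com/auth/gmail.readonly"]}, p)
        results["json_scopes"] = load_token_json(p)["scopes"]
        results["json_mode"] = stat.S_IMODE(os.stat(p).st_mode)
    return results


if __name__ == "__main__":
    print(demo())
```

The restricted unpickler is shown only to make the mechanism visible: a real credentials pickle needs at least the Credentials class, so the practical fix is the JSON path, with the file written mode 0600 in a directory the skill controls.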
The token can be used to read, modify, trash, delete, label, and create filter settings in the connected Gmail account.
The default OAuth flow requests Gmail read/modify access plus Gmail settings access for filters, which is expected for the feature set but grants broad mailbox authority.
'settings': ['https://www.googleapis.com/auth/gmail.modify', 'https://www.googleapis.com/auth/gmail.readonly', 'https://www.googleapis.com/auth/gmail.settings.basic'] ... parser.add_argument('--scopes', default='settings'
Use the minimum scope needed for the task (gmail.readonly is enough for a scan-only run), keep token files private, and revoke the OAuth grant after use if the skill is no longer needed.
A future or compromised dependency version could affect what code is installed when the script runs.
The script installs unpinned Python packages at runtime if dependencies are missing; this is purpose-aligned, but it leaves dependency versions and provenance uncontrolled, so whatever the index serves at run time is what executes.
os.system(f"{sys.executable} -m pip install google-auth-oauthlib google-auth-httplib2 google-api-python-client -q")
Move dependencies into an install spec or requirements file with pinned versions and --hash entries, install with pip's --require-hashes mode, and avoid silent runtime installs.
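An added example, not part of the skill, of the check a reviewer would run on such a requirements file before trusting it: it joins backslash continuations, then rejects any requirement that is not pinned with == or that carries no sha256/sha384/sha512 --hash of the right length, which is the shape pip's --require-hashes mode needs. The LOCKED sample is constructed; its 0.0.0 versions and counting-number digests are placeholders, not real release hashes (those come from pip hash or pip-compile --generate-hashes).

```python
"""Check that a requirements file is fully pinned and hash-locked before install.

Added example, not part of the skill. The sample files below are constructed:
versions and sha256 digests are placeholders, not real release hashes.
`pip install --require-hashes -r requirements.txt` will accept only a file
that passes this check.
"""
import re
from typing import List

# pip's --require-hashes grammar, simplified: name==version followed by one or
# more --hash=algo:hex options, possibly spread over backslash-continued lines.
PIN_RE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*"
    r"(?P<op>===?|~=|>=|<=|!=|<|>)?\s*(?P<ver>[^\s;]+)?(\s*;.*)?$"
)
HASH_RE = re.compile(r"--hash=(sha256|sha384|sha512):([0-9a-fA-F]+)")
HEX_LEN = {"sha256": 64, "sha384": 96, "sha512": 128}


def _logical_lines(text: str) -> List[str]:
    """Join backslash continuations and drop comments and blank lines."""
    out: List[str] = []
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            out.append(buf.strip())
        buf = ""
    if buf.strip():
        out.append(buf.strip())
    return out


def check_requirements(text: str) -> List[str]:
    """Return a list of problems; empty means every requirement is pinned and hashed."""
    problems: List[str] = []
    for line in _logical_lines(text):
        if line.startswith("-"):  # -r/-e/--index-url etc. are out of scope for a lock file
            problems.append(f"option line not allowed in a locked file: {line}")
            continue
        hashes = HASH_RE.findall(line)
        spec = HASH_RE.sub("", line).strip()
        m = PIN_RE.match(spec)
        if not m or m.group("op") not in ("==", "===") or not m.group("ver"):
            problems.append(f"not pinned to an exact version: {spec}")
        if not hashes:
            problems.append(f"no --hash for: {spec}")
        for algo, digest in hashes:
            if len(digest) != HEX_LEN[algo]:
                problems.append(f"{algo} digest has wrong length for: {spec}")
    return problems


def _fake_digest(n: int) -> str:
    """Placeholder 64-hex digest for the constructed sample; not a real hash."""
    return f"{n:064x}"


# What the os.system line installs, expressed as a requirements file: no pins, no hashes.
UNPINNED = "google-auth-oauthlib\ngoogle-auth-httplib2\ngoogle-api-python-client\n"

# Constructed locked file; versions and digests are placeholders.
LOCKED = f"""\
google-auth-oauthlib==0.0.0 \\
    --hash=sha256:{_fake_digest(1)}
google-auth-httplib2==0.0.0 \\
    --hash=sha256:{_fake_digest(2)}
google-api-python-client==0.0.0 \\
    --hash=sha256:{_fake_digest(3)} \\
    --hash=sha256:{_fake_digest(4)}
"""

if __name__ == "__main__":
    print("unpinned:", check_requirements(UNPINNED))
    print("locked:", check_requirements(LOCKED))
```

Two hashes on one requirement are normal: pip needs one per artifact it might pick (wheel and sdist, or wheels for several platforms), and --require-hashes fails the install if the downloaded file matches none of them.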
Incorrect filter rules could keep affecting future Gmail messages until manually removed.
The organizer creates persistent Gmail filters that keep labeling matching future mail after the script exits; a wrong from: match keeps misfiling until someone finds and deletes the filter in Gmail settings.
service.users().settings().filters().create(userId='me', body={'criteria': {'from': from_q}, 'action': {'addLabelIds': [lid]}}).execute()
Review all proposed filters before creating them, run --dry-run first, record the filter ids returned by create so they can be removed later with filters().delete(), and document the removal steps.
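The following added example (not the skill's code) covers the two halves of that recommendation: build the same filter bodies the skill sends so they can be printed for review under --dry-run, and match planned filters against a filters().list() response by criteria and action so the ids can be handed to filters().delete() later. The list-response shape ({"filter": [...]}, each with id, criteria and action) is the Gmail API's; the filter ids, addresses and label ids in the sample are constructed.

```python
"""Plan Gmail filters for review, then find them again so they can be removed.

Added example, not the skill's code. It assumes the Gmail API shapes for
users.settings.filters (a filter has id, criteria and action; list() returns
{"filter": [...]}) and a rule list of (from_query, label_id) pairs like the
one the skill builds. EXISTING below is a constructed list() response.
"""
from typing import Dict, Iterable, List, Tuple

Filter = Dict[str, object]


def plan_filters(rules: Iterable[Tuple[str, str]]) -> List[Filter]:
    """Same body the skill passes to filters().create(); produced here, not sent."""
    return [{"criteria": {"from": from_q}, "action": {"addLabelIds": [label_id]}}
            for from_q, label_id in rules]


def review_table(planned: List[Filter]) -> str:
    """What --dry-run should print before anything is created."""
    rows = ["FROM".ljust(32) + "ADD LABEL"]
    for f in planned:
        rows.append(f["criteria"]["from"].ljust(32) + ",".join(f["action"]["addLabelIds"]))
    return "\n".join(rows)


def _key(f: Filter) -> Tuple[str, Tuple[str, ...]]:
    """A filter is recognised by its criteria and action, not by the id Gmail assigns."""
    criteria = f.get("criteria", {})
    action = f.get("action", {})
    return (criteria.get("from", ""), tuple(sorted(action.get("addLabelIds", []))))


def find_created_filters(existing: List[Filter], planned: List[Filter]) -> List[str]:
    """Ids in the account that match a planned filter: the list to pass to filters().delete().

    Matching by content is the fallback when the ids returned by create() were not
    logged; a user's own filter with identical criteria and action would match too,
    so the authoritative record is still the id list captured at creation time.
    """
    wanted = {_key(p) for p in planned}
    return [f["id"] for f in existing if _key(f) in wanted]


def apply_or_plan(service, planned: List[Filter], dry_run: bool) -> List[str]:
    """Create filters only when not in dry-run; return the new ids for the removal log."""
    if dry_run:
        return []
    created = []
    for body in planned:
        resp = service.users().settings().filters().create(userId="me", body=body).execute()
        created.append(resp["id"])
    return created


# Constructed filters().list() response: two filters the organizer made, one the user made.
EXISTING = {"filter": [
    {"id": "ANe1Bmj-constructed-1", "criteria": {"from": "newsletter@example.com"},
     "action": {"addLabelIds": ["Label_7"]}},
    {"id": "ANe1Bmj-constructed-2", "criteria": {"from": "boss@example.com"},
     "action": {"addLabelIds": ["IMPORTANT"]}},  # user's own filter; must not be removed
    {"id": "ANe1Bmj-constructed-3", "criteria": {"from": "alerts@example.com"},
     "action": {"addLabelIds": ["Label_9"]}},
]}
RULES = [("newsletter@example.com", "Label_7"), ("alerts@example.com", "Label_9")]

if __name__ == "__main__":
    planned = plan_filters(RULES)
    print(review_table(planned))
    print("to delete:", find_created_filters(EXISTING["filter"], planned))
```

With a live service object, apply_or_plan(service, planned, dry_run=False) returns the ids to write to a removal log, and each later cleanup is one filters().delete(userId="me", id=...) call per id.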
