gmail-checker

This skill generally does what it says — call the Gmail API via curl — but there are notable inconsistencies and risks you should consider before installing: - Secrets disclosure: The SKILL.md describes a refresh-token flow that uses GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET, and GMAIL_REFRESH_TOKEN, but those variables are not declared in the skill metadata. If you set them, they are high-value credentials; only provide them if you fully trust the skill and the environment. Prefer creating OAuth credentials with the minimum required scopes and a test account if possible. - Local file access: The skill accepts 'attachments' as file paths. Confirm how attachments are read/encoded and avoid pointing it at directories containing sensitive files. Treat the agent's runtime environment like any process that can read files. - External fetches: The skill's 'web_research' flow instructs fetching arbitrary web pages (xurl/curl). That can leak data (for example, if it fetches pages that include private links) or contact third parties. If you don't want network fetches, request a version of the skill that disables web research. - Lack of declared env vars: Ask the publisher to update the skill metadata to list all environment variables the runtime uses (including client id/secret/refresh token) so you can make an informed decision. - Mitigations: If you proceed, run it with a dedicated Gmail account and OAuth credentials with the narrowest scopes needed; avoid placing permanent creds in global shell profiles; monitor and be prepared to revoke tokens via Google Cloud Console. If you want, I can draft questions to send to the skill author asking them to (1) declare all env vars used, (2) show how attachments are handled, and (3) provide an option to disable web fetching.