Google Suite Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent Google integration, but it needs review because it grants persistent broad Google-account access and can send or delete data without clear confirmations.
Install only if you are comfortable giving this skill broad, persistent access to the connected Google account. Prefer a dedicated Google account or least-privilege OAuth scopes, review every send/delete/update action before execution, protect or delete google_suite_tokens.json when not needed, and pin dependencies before production use.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
66/66 vendors reported this skill as clean (no detections).
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or a user request goes wrong, the connected account could have email sent, calendar data changed, or Drive files accessed or deleted until the token is revoked or removed.
These scopes grant broad delegated authority over the user's Google account and the token is persisted locally; the artifacts do not narrow access to read-only, app-created Drive files, or clearly scoped write operations.
scopes: ... https://www.googleapis.com/auth/gmail.send ... https://www.googleapis.com/auth/gmail.modify ... https://www.googleapis.com/auth/calendar ... https://www.googleapis.com/auth/drive ... token_storage: ./google_suite_tokens.json
Use least-privilege OAuth scopes where possible, separate read-only from write/delete capabilities, disclose the credential requirement in metadata, and require users to review the OAuth consent screen carefully.
A mistaken autonomous invocation could send an unintended email or delete account data without an additional human approval step.
The code directly performs high-impact Google API actions from action parameters, including sending and deleting, without showing confirmation gates, safe-trash behavior, or rollback controls.
sent = gmail.users().messages().send(userId="me", body=body).execute()
gmail.users().messages().delete(userId="me", id=msg_id).execute()
drive.files().delete(fileId=file_id).execute()
Add explicit confirmation for send/delete/update actions, prefer reversible trash/archive operations where available, validate identifiers and paths, and return a preview before committing changes.
Users may underestimate the risk of a persistent local token that can continue granting broad Google access if the file is copied or exposed.
The source stores OAuth credentials as JSON in a local token file; the artifacts do not show secure-storage controls such as an OS keychain, encryption, or restrictive file permissions, so the 'stored securely' claim is stronger than the evidence supports.
OAuth2 tokens are stored securely and never logged.
Document that tokens are stored in a local JSON file, set restrictive file permissions, consider OS keychain storage, and tell users how to revoke OAuth access and delete the token file.
A future dependency change could alter behavior or introduce a vulnerability even though the listed packages are purpose-aligned.
These are expected Google API dependencies for the skill, but lower-bound-only version ranges allow future dependency versions to be installed without a pinned, reviewed lockfile.
google-api-python-client>=2.0.0; google-auth-httplib2>=0.1.0; google-auth-oauthlib>=0.4.0
Pin reviewed dependency versions or provide a lockfile and update them intentionally.
