Back to skill

Security audit

Google Suite Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it needs Review because it grants broad persistent Google account access and performs high-impact actions without built-in safeguards.

Install only if you are comfortable granting this skill broad ongoing access to the connected Google account. Use a low-risk or dedicated Google account where possible, require human confirmation before send/delete/update/upload/download actions, keep google_suite_tokens.json private, and revoke or delete the token when the skill is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The skill description materially understates its capabilities by presenting unified access to Gmail while also exposing destructive deletion operations. In an agent context, misleading descriptions increase the chance that users or orchestrators grant permissions or invoke actions without understanding that irreversible mailbox changes are possible.

Intent-Code Divergence

Low
Confidence
92% confidence
Finding
The scope comment is phrased neutrally, but the actual OAuth scopes include broad modify/send/full calendar/full drive permissions. This mismatch can conceal the true privilege level of the skill and lead to overbroad authorization in environments that rely on inline descriptions for review.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill exposes destructive operations such as deleting emails, calendar events, and Drive files without any documented confirmation, dry-run mode, or warning about irreversible actions. In an agent context, this increases the risk of accidental or prompt-induced destructive behavior that could cause data loss in a user's Google account.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
Documenting local OAuth token storage without warning users that the token file is sensitive can lead to insecure handling, accidental sharing, or weak filesystem protections. Because the skill has broad Gmail, Calendar, and Drive scopes, compromise of that token file could grant substantial access to email, files, and calendar data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill persists OAuth access and refresh tokens to a predictable local file in the skill directory without any visible permission hardening or disclosure. If the host environment is multi-user, backed up, or otherwise accessible, token theft could grant ongoing access to Gmail, Calendar, and Drive with broad privileges.

Missing User Warnings

High
Confidence
91% confidence
Finding
The skill exposes a Gmail delete operation that irreversibly removes messages without any confirmation, safety interlock, or soft-delete alternative. In an agent setting, prompt injection, parameter confusion, or simple mistakes could cause loss of important emails.

Missing User Warnings

High
Confidence
90% confidence
Finding
The calendar delete action is destructive and has no confirmation, undo mechanism, or policy gate. In an agent-driven workflow, this raises the risk of accidental or adversarial deletion of meetings and scheduling data.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The download function writes remote content to an arbitrary caller-controlled local path without validation or sandboxing. If an attacker can influence parameters, this can overwrite files, drop content in sensitive locations, or facilitate persistence and local compromise depending on the runtime permissions.

Missing User Warnings

High
Confidence
90% confidence
Finding
The Drive delete action permanently removes files without confirmation, approval, or recovery safeguards in the code. In an autonomous or semi-autonomous agent environment, that makes accidental or manipulated destructive actions significantly more dangerous.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.