gog-restricted
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill is mostly coherent and tries to restrict Google Workspace access, but it still enables sensitive Gmail/Calendar reads and account changes, installs a persistent sudo wrapper, and its allowlist is broader than its safety wording implies.
Review this skill before installing. It is not clearly malicious and it tries to block email sending, forwarding, Drive access, and destructive deletes, but it can still read sensitive Google Workspace data, modify Gmail labels, create calendar events, and replace the local `gog` executable with a persistent sudo-installed wrapper. Use it only with a controlled Google account and require explicit approval before any mailbox or calendar change.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could change Gmail labels, archive/trash/mark messages, or create calendar events in the connected Google account if invoked with the wrong parameters.
The skill explicitly avoids prompts while allowing mailbox mutations and calendar creation, but it does not require user confirmation or define safe limits for these account-changing actions.
Always use `--no-input` to avoid interactive prompts ... `gog gmail batch modify <messageId> ... --add <label> --remove <label>` ... `gog calendar create <calendarId> --summary '...' --from '...' --to '...' --json`
Before installing, require explicit user approval for any Gmail label/batch modification or calendar creation, and review exact message IDs, labels, calendar IDs, and event details before execution.
The security wrapper may not enforce the documented command boundary as tightly as users expect.
The wrapper allows broad two-word command prefixes such as `gmail labels` and `gmail thread`, which is wider than the documented per-command allowlist and may allow additional underlying subcommands if they exist.
"gmail thread"|\
"gmail labels"|\
"calendar create"|\Narrow the wrapper to exact allowed subcommands and argument patterns, and avoid broad namespace matches unless every subcommand under that namespace is intentionally allowed.
The agent can operate against the Google account selected by the local `gog` configuration or `GOG_ACCOUNT` environment variable.
The skill uses existing Google Workspace account configuration and can list stored accounts; this is expected for a Google CLI integration but is not declared as a primary credential in the metadata.
Default: via GOG_ACCOUNT env ... `gog auth list` — list stored accounts
Confirm which Google account is active before use, and prefer a least-privileged account or profile with only the needed Gmail/Calendar scopes.
Private messages, attachments, event details, and schedule information may be exposed to the agent during normal use.
The allowed commands can retrieve private email and calendar content into the agent context; this is purpose-aligned but sensitive.
`gog gmail read <messageId>` ... `gog gmail thread <threadId> --json` ... `gog calendar events [<calendarId>] --json`
Use precise searches and IDs, avoid loading unnecessary messages or attachments, and do not run it on accounts containing data you do not want the agent to see.
Future `gog` commands will go through this wrapper until the binary is restored.
The setup script persistently replaces the existing `gog` executable with a wrapper and stores the real binary as `.gog-real`; this is disclosed but modifies a local executable with sudo.
sudo mv "$GOG_BIN" "$GOG_REAL" ... sudo tee -a "$GOG_BIN" ... sudo chmod +x "$GOG_BIN"
Install only if you trust this wrapper, verify the path returned by `command -v gog`, and keep a clear rollback plan to restore the original binary.