Tmp.ZvBQwLjjXS
SuspiciousAudited by ClawScan on May 12, 2026.
Overview
This skill is meant for Google Classroom, but it gives an agent broad ability to change courses, rosters, assignments, and grades through an unreviewed npm-launched MCP server using an authenticated Google account.
Install only if you are comfortable giving an agent Google Classroom administrative capabilities. Pin and verify the npm package, use the least-privileged Google account possible, and require explicit confirmation before deleting courses, changing rosters, grading/returning work, accepting invitations, or using the escape-hatch command.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked incorrectly, the agent could alter or delete classroom content, remove people, or change grades and submission states.
The skill exposes tools that can materially change Classroom courses, rosters, and student work outcomes. The artifacts do not describe explicit approval, scoping, or rollback requirements for these high-impact actions.
Courses | list / get / create / update / delete / archive / unarchive ... Students | list / get / add / remove ... Submissions | list / get / grade / return / turn-in / reclaim
Only use with explicit per-action confirmation for destructive or grading/roster changes, and limit it to the minimum necessary Google account permissions.
The agent may be able to perform broader Classroom actions than the named tools imply, increasing the chance of unintended account changes.
The documented escape hatch suggests raw or less-constrained Classroom operations beyond the dedicated tools, without explaining limits, validation, or user-approval requirements.
For guardians, guardian-invitations, materials, and assignee management, use `gog_classroom_run` (the escape hatch).
Avoid using the escape hatch unless the exact command and impact are reviewed by the user first.
A changed or compromised npm package could run with access to the user's authenticated Google Classroom environment.
The setup launches an external npm package without a version pin. Because the provided artifact set contains no code files, the runtime code handling the authenticated Classroom account is outside this review.
"command": "npx", "args": ["-y", "gogcli-mcp-classroom"]
Pin and verify the package version, review the package source before use, and run it under a least-privilege Google account.
The agent will operate through the selected Google account and may access or change Classroom data visible to that account.
The skill requires an authenticated Google account, which is expected for Classroom management but grants access to sensitive school and account data.
- [gogcli](https://github.com/steipete/gogcli) installed and authenticated ... "GOG_ACCOUNT": "you@gmail.com"
Use a dedicated, least-privileged account where possible and confirm which Google account is selected before performing actions.