Gmail Label Manager
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill appears to perform Gmail organization, but it requires undeclared Gmail account authority and includes broader personalized email handling, logging, and optional Telegram configuration that are not clearly disclosed in its metadata.
Review this skill carefully before installing. Only use it if you are comfortable granting Gmail API access to the `gog` CLI, understand that it can archive emails and remove labels/unread state, and have inspected or customized the hard-coded patterns. Start with manual one-message tests, avoid setting Telegram tokens unless you want Telegram notifications, and monitor or clean up any generated logs and digest files.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may grant Gmail account access without the registry clearly showing that the skill needs it, and the script can change message labels, unread state, and inbox visibility.
The published credential and dependency contract says no account credential or binary is required, but the skill requires an authenticated Gmail CLI and is designed to mutate Gmail messages.
Metadata: "Primary credential: none" and "Required binaries ... none"; SKILL.md: "Install the `gog` CLI and authenticate it for Gmail API access."
Declare the Gmail credential and `gog` binary requirement clearly, document the exact Gmail OAuth scopes needed, and use a revocable least-privilege token where possible.
Incorrect classification could cause important unread emails to be archived or marked differently than expected.
These are disclosed, purpose-aligned operations, but they are high-impact Gmail mutations that can hide messages from the inbox or change their unread state.
Adds the determined label(s) ... Removes irrelevant CATEGORY labels (`CATEGORY_PERSONAL`, `CATEGORY_PROMOTIONS`, `CATEGORY_UPDATES`, `UNREAD`, etc.). ... Archives the email by removing the `INBOX` label.
Run in a dry-run/test mode first if available, keep the one-email-per-run limit until trust is established, and review the script before enabling any automated pipeline.
Users may not realize the script is scanning for family, school, financial, medical, and security-related email content rather than only learning labels from archived messages.
The SKILL.md frames the behavior as dynamic labeling based on archived emails, but the script contains many hard-coded personalized and sensitive classification rules that are not clearly disclosed.
# FAMILY-SPECIFIC CONFIGURATION ... declare -A EMAIL_PATTERNS=( ... # Financial & Payments ... # School & Children ... # Health & Medical ... # Security & Alerts
Update SKILL.md to disclose the static/personalized rules, make the patterns configurable, and remove any example family or medical assumptions before distribution.
If enabled elsewhere in the script, Gmail-derived notifications or logs could be sent to a Telegram chat.
The script includes optional Telegram-related configuration that is not mentioned in SKILL.md or declared as environment variables. The provided excerpt does not prove messages are sent, but it indicates a possible external notification/logging boundary.
readonly TELEGRAM_LOG="${LOG_DIR}/telegram-log.txt"; readonly TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN:-}"; readonly TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID:-}"
Do not set Telegram variables unless you intend that integration, and the publisher should document exactly what is sent to Telegram.
Sensitive email metadata or summaries may remain on disk after the script runs, depending on what later script sections write.
The script creates persistent local files for logs, a weekly digest, and configuration. For a Gmail-processing tool, those files may contain or influence sensitive email handling.
readonly LOG_FILE="${LOG_DIR}/gmail-label-log.txt"; readonly DIGEST_FILE="${SCRIPT_DIR}/weekly-digest.txt"; readonly CONFIG_FILE="${SCRIPT_DIR}/config.json"
Review log and digest contents, restrict file permissions, and define retention or cleanup behavior.
A user could install the wrong or untrusted `gog` binary and grant it Gmail access.
The skill relies on an external CLI for Gmail access, but the artifacts do not provide a source, version pin, install spec, or provenance guidance.
Source: unknown; Homepage: none; No install spec; SKILL.md: "Install the `gog` CLI and authenticate it for Gmail API access."
Document the official `gog` source, pin a known version, and verify the binary before authenticating it to Gmail.
