ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

gmailcleaner

v1.0.0

Reads emails from Gmail (all folders/labels) using the gog CLI. Use when the user asks to check email, read inbox, show unread messages, list folders, search...

0· 339·0 current·0 all-time
by@coorops25
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Gmail reader/manager) match the runtime instructions: all commands use the gog CLI and the documented env vars (GOG_ACCOUNT, ANTHROPIC_API_KEY for analyzer/responder, NOTIFY_CHANNEL for scheduler) make sense for the listed features. However, the registry-level 'Required env vars' field is malformed ([object Object]) which is inconsistent with the SKILL.md files and suggests a metadata/packaging error that should be fixed.
!
Instruction Scope
The SKILL.md instructions go beyond simple read-only queries: they show how to configure OAuth credentials (client_secret.json), read and write local OpenClaw files (~/.openclaw/openclaw.json, HEARTBEAT.md, ~/.openclaw/workspace/email_audit.log, prompts_log.md), and set up cron/heartbeat jobs and notification channels. Organizing/deleting commands include examples of destructive batch operations (trash/delete) — the organizer doc mandates user confirmation, but the skill's ability to create scheduled automation and write configs means it can enable persistent background actions. The analyzer/responder parts also instruct sending email content to an external AI service (Anthropic) unless privacy_mode is enabled. These behaviors are within the skill's purpose but increase impact and require explicit user consent and careful configuration.
Install Mechanism
Install uses a Homebrew formula: steipete/tap/gogcli which produces the gog binary. A brew tap is a standard install path; however it is a third-party tap (not the main Homebrew core). This is a moderate-risk install source compared with an official project/tap — you should inspect the tap/formula source before installing.
!
Credentials
Requested environment/config access in SKILL.md (GOG_ACCOUNT, optional ANTHROPIC_API_KEY, NOTIFY_CHANNEL) is justified by the skill features. Concerns: (1) SKILL registry metadata is malformed and doesn't clearly list the required env vars; (2) the skill requires OAuth client credentials (client_secret.json) and instructs running 'gog auth credentials /path/to/client_secret.json' — that requires access to a local secrets file; (3) analyzer/responder will send email content to an external AI API (Anthropic) unless privacy_mode is enabled, so providing that API key allows email contents to be sent to a third-party. These are proportionate only if you knowingly provide them.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges, but it documents how to add cron jobs and heartbeat entries (scheduled background checks and notifications) and to write audit logs and prompt-detection logs. That gives it a persistent effect once enabled. The SKILL.md generally recommends confirmations for destructive actions and asks the user before activating scheduled jobs, but you should confirm whether the agent or the install routine will modify configs automatically or only provide instructions.
Scan Findings in Context
[prompt-injection-ignore-previous-instructions] expected: The analyzer explicitly looks for prompt-injection patterns inside email bodies (e.g., 'Ignore previous instructions'). Detection of these strings in SKILL.md is expected because the skill is designed to find such text in emails.
[prompt-injection-you-are-now] expected: The analyzer's detection list includes 'you are now' and similar phrases; presence of these examples in the SKILL.md is consistent with the analyzer functionality (not evidence of maliciousness by itself).
What to consider before installing
What to check before installing/using this skill: 1) Fix/inspect metadata: the registry shows 'Required env vars: [object Object]'. Confirm the skill will request only the env vars you expect (GOG_ACCOUNT; optionally ANTHROPIC_API_KEY and NOTIFY_CHANNEL). Ask the publisher to correct the package metadata. 2) Inspect the brew tap before installing: the formula comes from steipete/tap. Review the tap/formula repository (and gog CLI source) so you trust the binary you're installing. 3) OAuth credentials: the skill requires you to provide Google OAuth credentials (client_secret.json) and run gog auth. Keep that credentials file private and follow Google best practices. Be careful where you store it and who you grant file permissions to. 4) External AI API: the analyzer and responder use Anthropic (ANTHROPIC_API_KEY) to process email contents unless privacy_mode is enabled. Only provide that API key if you are comfortable with email content being sent to that external service; enable privacy_mode (or anonymize sensitive content) if you prefer. 5) Confirm destructive and automated actions: email-organizer includes destructive commands (trash/delete) but the docs mandate explicit confirmation. Before enabling scheduled cron/heartbeat jobs or allowing the agent to run automatically, confirm whether enabling is manual. Do not enable automatic background jobs or notification channels until you understand what will run and when. 6) Audit/logs and exports: the skill saves audit logs and detected prompts to files in ~/.openclaw/workspace and can export data to Google Sheets via gog sheets (requires SHEET_ID/credentials). If you want privacy, verify where logs are stored and consider enabling privacy_mode. 7) Test in a controlled environment: try read-only queries first (search/get) and avoid granting send/delete permissions until satisfied. Ask the skill author whether any install step will write to OpenClaw config files automatically or only provide instructions for you to apply. If you want, I can produce a short checklist of specific commands and files to inspect (brew formula URL, gog binary SHA, openclaw config diffs) before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97170nkx4qdrmk9h71608bnm581wbq0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📥 Clawdis
Binsgog
Env[object Object]

Install

Install gog CLI (brew)
Bins: gog
brew install steipete/tap/gogcli

SKILL.md

Email Reader

Lee correos de Gmail usando el CLI gog. Requiere que gog auth esté configurado. Si no lo está, ejecuta el setup primero.

Setup inicial (solo una vez)

gog auth credentials /ruta/a/client_secret.json
gog auth add $GOG_ACCOUNT --services gmail
gog auth list   # verificar que quedó bien

Cuándo usar esta skill

  • "Revisa mi correo"
  • "¿Qué correos nuevos tengo?"
  • "Muéstrame los no leídos de hoy"
  • "Lee los correos de Juan"
  • "Busca correos sobre la propuesta del Q1"
  • "¿Cuántos correos de spam tengo?"
  • "Muéstrame el hilo de [asunto]"
  • "Lee la carpeta Clientes"

Comandos principales

Leer inbox (correos recientes)

gog gmail search 'in:inbox newer_than:1d' --max 20 --json
gog gmail search 'in:inbox is:unread' --max 50 --json
gog gmail search 'in:inbox newer_than:7d' --max 100 --json

Leer spam

gog gmail search 'in:spam newer_than:30d' --max 50 --json

Leer una carpeta/etiqueta específica

# Etiquetas de sistema
gog gmail search 'in:sent newer_than:7d' --max 20 --json
gog gmail search 'in:drafts' --max 20 --json
gog gmail search 'in:trash newer_than:30d' --max 20 --json
gog gmail search 'is:starred' --max 20 --json

# Etiquetas personalizadas (carpetas del usuario)
gog gmail search 'label:Clientes newer_than:30d' --max 20 --json
gog gmail search 'label:Proyectos' --max 20 --json
gog gmail search 'label:Facturas newer_than:90d' --max 20 --json

Buscar correos

# Por remitente
gog gmail search 'from:juan@empresa.com newer_than:30d' --max 20 --json

# Por asunto
gog gmail search 'subject:propuesta' --max 10 --json

# Por contenido
gog gmail search 'propuesta presupuesto 2026' --max 10 --json

# Combinado
gog gmail search 'from:ceo@empresa.com is:unread newer_than:7d' --max 10 --json

# Con adjuntos
gog gmail search 'has:attachment in:inbox newer_than:7d' --max 10 --json

Filtros de tiempo útiles

FiltroSignificado
newer_than:1dúltimo día
newer_than:7dúltima semana
newer_than:30dúltimo mes
older_than:180dmás de 6 meses
after:2026/01/01desde fecha exacta

Presentación de resultados

Después de obtener el JSON, presenta un resumen claro al usuario:

📥 INBOX — 8 correos nuevos (3 no leídos)

  ⭐ [hoy 09:14] ceo@empresa.com
     "Reunión urgente esta tarde"

  📧 [hoy 08:30] juan@empresa.com
     "Re: Propuesta Q1 2026"

  📰 [ayer 18:00] newsletter@medium.com
     "Top 10 AI tools this week"
  ...

¿Quieres que analice estos correos o que responda alguno?

Múltiples cuentas

Si el usuario tiene más de una cuenta de Gmail:

# Listar cuentas configuradas
gog auth list

# Leer de una cuenta específica
gog gmail search 'in:inbox is:unread' --account otra@gmail.com --max 20 --json

# Cambiar cuenta por defecto
export GOG_ACCOUNT=otra@gmail.com

Notas importantes

  • Usar siempre --json para obtener datos estructurados
  • Usar --no-input en modo automático/cron para evitar prompts interactivos
  • El flag --max limita resultados; aumentar si el usuario quiere más
  • Los resultados de búsqueda de Gmail usan la misma sintaxis que gmail.com

Files

8 total
Select a file
Select a file to preview.

Comments

Loading comments…