gmailcleaner
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
This is more than a Gmail reader: the bundle also documents broad Google access, email deletion/sending, external AI analysis, exports, and background monitoring.
Install this only if you want the broader email automation suite, not just a Gmail reader. Before using it, review gog OAuth scopes, avoid enabling scheduler jobs unless you truly want background monitoring, require confirmation for any send/delete/bulk action, and be comfortable with email contents being sent to external AI services.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent could be configured with Google account authority beyond reading mail, including Gmail mutations and access to Sheets or Docs through other included workflows.
The setup asks the user to authorize Gmail plus Sheets and Docs. That is broader than the registry/root description of a Gmail reader and the registry metadata lists no primary credential.
gog auth add tu@gmail.com --services gmail,sheets,docs
Use least-privilege Google scopes/accounts, install only the reader if that is all you need, and require metadata to declare all credentials and services.
A mistaken query or approval could move, archive, mark, or delete many messages.
The included organizer skill documents bulk Gmail mutations over hundreds of messages. It includes confirmation guidance, but this is still high-impact authority beyond a read-only email-reader scope.
gog gmail search 'in:spam older_than:7d' --max 500 --json ... | xargs -I{} gog gmail trash {}
Require explicit previews, small limits, and user confirmation before every bulk or destructive Gmail operation.
False spam/phishing/priority judgments could lead to messages being moved or response workflows being triggered.
The analyzer can automatically chain AI classifications into organizer or responder workflows, so one incorrect analysis could propagate into mailbox changes or generated replies.
the agent can automatically chain: - email-organizer: move detected spam to trash - email-responder: generate drafts
Make cross-skill actions opt-in, show the exact affected messages, and require confirmation before mutations or sending.
Private email contents, senders, subjects, and tasks may be transmitted to an external AI provider.
The analyzer sends batches of email data to Claude, and the sample configuration disables privacy mode. Email content can be highly sensitive.
Prompt for batch analysis (send to Claude) ... Emails to analyze: [LISTA_DE_CORREOS_JSON] ... privacy_mode: false
Ask before sending mailbox data to external AI, minimize fields, enable anonymization where possible, and document provider retention/privacy expectations.
The agent could keep checking email and sending notifications after the initial task if the scheduler is enabled.
The included scheduler documents persistent background email checks and alerts, which are not part of the root reader-only description.
Automates periodic Gmail management using OpenClaw cron jobs and heartbeat ... run the email agent periodically in the background.
Enable scheduled jobs only after explicit user setup, make them easy to list/disable, and keep background jobs separate from the reader skill.
Your Google access depends on the safety and provenance of the external gog CLI.
The skill relies on an external Homebrew-installed CLI for all Google operations. This is expected for the stated design, but the CLI becomes part of the trust boundary.
brew install steipete/tap/gogcli
Install gog only from a trusted source, review its requested OAuth scopes, and keep it updated.
