ClawEmail

Audited by ClawScan on May 10, 2026.

Overview

ClawEmail appears to be a coherent Google Workspace helper, but it needs powerful OAuth credentials that let an agent read and send email and create or change files in the connected Google account.

Install only if you trust ClawEmail with the Google Workspace account you connect. Review OAuth scopes, protect the credentials and cache files, and double-check any send, upload, create, or modify action before letting the agent run it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the skill is triggered by a prompt it should not act on, or is given the wrong recipients or content, the agent can send messages or make other Google Workspace changes from the connected account, and a sent message cannot be recalled.

Why it was flagged

The skill documents direct Google API calls that can send email from the connected account. This is central to the stated purpose, but it is a high-impact account action.

Skill content
curl -s -X POST ... "https://gmail.googleapis.com/gmail/v1/users/me/messages/send"
Recommendation

Review recipients, message bodies, file names, and other mutation details before allowing send, upload, create, or modify actions.

What this means

Anyone who can read or misuse these credentials may be able to access the connected Google Workspace account according to the OAuth scopes granted.

Why it was flagged

The helper reads OAuth client-secret and refresh-token material from the credentials file and exchanges it for a Google bearer token. This is expected for the integration but grants delegated Google account access.

Skill content
CLIENT_SECRET=$(python3 -c ... ['client_secret']) ... REFRESH_TOKEN=$(python3 -c ... ['refresh_token']) ... curl -s -X POST https://oauth2.googleapis.com/token
Recommendation

Use the least-privileged or dedicated Google account feasible, review the OAuth consent scopes, protect the credentials file, and revoke the token if the skill is no longer needed.
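One way to act on the scope review above, as an added example that is not part of the ClawEmail skill: Google's token-endpoint JSON response carries a `scope` field listing the granted scopes separated by spaces. The gate below takes that string and refuses the token if the grant is broader than an allowlist you fixed when you inspected the consent screen. The allowlist values are illustrative assumptions, not scopes the page says the skill requests; substitute the ones your use of the skill actually needs.

```shell
# Added example, not code from the ClawEmail skill. Compares the scopes
# Google actually granted (the space-separated "scope" field of the token
# response) against a least-privilege allowlist, so an over-broad grant is
# caught before the token is cached or used.

# Print every granted scope that is not in the allowlist; return 1 if any.
unexpected_scopes() {
    granted=$1   # space-separated scopes from the token response
    allowed=$2   # space-separated scopes you are willing to accept
    rc=0
    for s in $granted; do
        found=0
        for a in $allowed; do
            [ "$s" = "$a" ] && found=1 && break
        done
        if [ "$found" -eq 0 ]; then
            printf '%s\n' "$s"
            rc=1
        fi
    done
    return $rc
}

# Illustrative allowlist (an assumption, not taken from the skill): send mail,
# read mail, and touch only Drive files the app itself created. Broad grants
# such as https://mail.google.com/ or https://www.googleapis.com/auth/drive
# are rejected by this gate.
ALLOWED_SCOPES='https://www.googleapis.com/auth/gmail.send https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/drive.file'

# Refuse a token whose grant is broader than the allowlist.
# Usage: check_grant "$GRANTED_SCOPES" || exit 1
check_grant() {
    extra=$(unexpected_scopes "$1" "$ALLOWED_SCOPES") && return 0
    printf 'refusing token: unexpected scopes granted:\n%s\n' "$extra" >&2
    return 1
}
```

Run `check_grant` on the `scope` value right after the exchange at `oauth2.googleapis.com/token`, before the helper writes the access token anywhere; if it fails, revoke the grant from the Google account and re-authorize with a narrower consent.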

What this means

On a shared or weakly permissioned machine, another local user or process might read the cached bearer token while it is valid.

Why it was flagged

The script stores the short-lived access token in a local cache file. The behavior is disclosed and purpose-aligned, but the artifact shows no file-permission hardening around the write (no restrictive umask, no explicit mode on the cache directory, no chmod on the file).

Skill content
CACHE_FILE="$CACHE_DIR/access_token" ... echo -n "$ACCESS_TOKEN" > "$CACHE_FILE"
Recommendation

Ensure the credentials and cache directories are private to your user account, for example mode 700 on the directories and mode 600 on the credentials and cache files, and avoid running the skill on a machine shared with untrusted users or processes.
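The hardening the recommendation asks for, as an added example rather than code from the ClawEmail skill. `CACHE_DIR` and the `access_token` file name mirror the names in the audited snippet; the restrictive umask, the explicit directory mode, the chmod, and the temp-file-then-rename write are additions that the artifact does not show.

```shell
# Added example, not code from the ClawEmail skill. Writes the access-token
# cache so that only the invoking user can read it, and checks the result.

# Create the cache directory private to this user and write the token into a
# mode-600 file, replacing any existing file atomically. The body runs in a
# subshell so the umask change does not leak into the caller.
write_token_cache() (
    cache_dir=$1
    token=$2
    cache_file="$cache_dir/access_token"
    # Any file created from here on is born without group/other bits.
    umask 077
    mkdir -p -m 700 "$cache_dir"
    # If the directory already existed with loose permissions, tighten it.
    chmod 700 "$cache_dir"
    # Write to a temp file in the same directory, then rename, so a reader
    # never sees a half-written or briefly readable token.
    tmp=$(mktemp "$cache_dir/.access_token.XXXXXX")
    printf '%s' "$token" > "$tmp"
    chmod 600 "$tmp"
    mv -f "$tmp" "$cache_file"
)

# Return 0 only if the cache directory is drwx------ and the file is -rw-------.
# Reads the symbolic mode column of ls -ld, which is the same on GNU and BSD;
# cut -c1-10 drops the ACL/SELinux marker some systems append.
cache_is_private() {
    cache_dir=$1
    cache_file="$cache_dir/access_token"
    dmode=$(ls -ld "$cache_dir" | cut -c1-10)
    fmode=$(ls -ld "$cache_file" | cut -c1-10)
    [ "$dmode" = "drwx------" ] && [ "$fmode" = "-rw-------" ]
}
```

Calling `cache_is_private "$CACHE_DIR"` before reusing a cached token, and refusing the cached value if it fails, turns the permission check into a guard rather than a one-time setup step. These modes are POSIX semantics; on Windows the same protection would have to come from the file ACL instead.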

What this means

Using the skill requires trusting the ClawEmail service and its OAuth setup with access to the connected Google Workspace account.

Why it was flagged

The setup depends on an external ClawEmail credential/OAuth provider. This is disclosed and coherent with the skill, but users must trust that provider for Google Workspace authorization.

Skill content
Get credentials at https://clawemail.com — sign up, then visit `/connect/YOUR_PREFIX` to authorize OAuth.
Recommendation

Confirm you trust ClawEmail, inspect the OAuth consent screen, and understand how to revoke access from your Google account.