Skill v1.0.1
ClawScan security
ClawEmail · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Feb 11, 2026, 9:09 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's requirements, instructions, and included script are consistent with a Google Workspace integration that uses an OAuth refresh token; it behaves as described but requires you to trust the external ClawEmail service and to protect the sensitive credentials file.
- Guidance
- This skill is coherent for accessing Google Workspace, but it requires you to trust ClawEmail (https://clawemail.com) as the source of the OAuth credentials. Before installing or using the skill:
  1. Verify the ClawEmail service and the domain are legitimate and trustworthy.
  2. Understand that CLAWEMAIL_CREDENTIALS likely contains client_id, client_secret, and a refresh_token — these grant access to your Google account; only provide credentials you control and audit the OAuth scopes.
  3. Store the credentials file with restrictive permissions (chmod 600) and consider using an OAuth client you created (not a third-party client secret) or a least-privilege scope.
  4. Review the included scripts/token.sh (it posts client_secret/refresh_token to https://oauth2.googleapis.com/token) and the cache path (~/.cache/clawemail/access_token); ensure these files are protected and revoke tokens if you suspect compromise.
  5. If you cannot verify ClawEmail's legitimacy or are uncomfortable sharing full refresh tokens, do not install/use this skill, or create limited-scope credentials specifically for it.
Review Dimensions
- Purpose & Capability
- ok: Name/description (Google Workspace access) match the instructions and the single required credential (CLAWEMAIL_CREDENTIALS). The SKILL.md and token helper provide curl/python examples for Gmail, Drive, Docs, Sheets, Calendar, etc., which is consistent with the stated purpose.
- Instruction Scope
- note: Instructions are scoped to Google APIs and the included token.sh helper; they tell the agent where to place credentials (~/.config/clawemail/credentials.json), how to obtain a Bearer token, and how to call Gmail/Drive/etc. The SKILL.md points users to https://clawemail.com to obtain credentials — that external dependency is expected for this design but requires user trust in that provider.
- Install Mechanism
- ok: No install script or remote downloads. The skill is mostly instruction-only with one local shell helper (scripts/token.sh). No archives or third-party package installs are fetched at install time.
- Credentials
- note: Only CLAWEMAIL_CREDENTIALS is required. That JSON is expected to include client_id, client_secret, and a refresh_token — highly sensitive but proportionate for a service that must mint Google access tokens. The skill does not request unrelated credentials, but providing these secrets to the skill (and to the ClawEmail service) grants broad access to the Google account unless scopes are limited.
- Persistence & Privilege
- ok: always:false and model invocation is allowed (normal). The script caches an access token under XDG_CACHE_HOME or ~/.cache/clawemail/access_token; it does not modify other skills or system-wide settings. The token cache file and credentials file should be protected via OS permissions to avoid local disclosure.
