Back to skill

Security audit

Clawemail

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Google Workspace helper, but it gives an agent broad power over email, files, documents, calendars, and forms with weak built-in guardrails.

Install only if you trust ClawEmail.com and the publisher with broad Google Workspace access. Prefer a dedicated or least-privilege Google account, protect the credentials file and token cache, and require manual review before the agent sends email, shares files, exports private content, edits documents, clears sheets, or deletes files/events.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill invokes shell commands extensively but declares no explicit permissions, which weakens the platform's ability to gate or review execution risk. In this context, shell access is central to reading credentials, refreshing tokens, and making network calls, so undeclared capability use materially increases the chance of unintended or opaque privileged actions.

Tp4

High
Category
MCP Tool Poisoning
Confidence
91% confidence
Finding
The description frames the skill as broad Google Workspace automation, but the documented behavior also includes handling OAuth credentials, refreshing access tokens, and caching bearer tokens locally. That omission hides security-sensitive behavior from users and reviewers, making it easier to exfiltrate or misuse long-lived delegated access without informed consent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The metadata instructs proactive invocation for very broad classes of common productivity tasks, which can cause the skill to activate without clear user intent for sensitive email, file, or calendar operations. Because the skill can read, modify, share, and delete data across Google services, overbroad triggering materially raises the risk of privacy-impacting or destructive actions.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The 'When to Use' section is written as an expansive catch-all without guardrails, exclusions, or confirmation requirements. In a skill with access to email, files, and calendars, such broad activation guidance increases the chance of unauthorized data access or unintended modifications.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill documents capabilities to search/read email, upload/download/share/delete files, and create/update/delete calendar items, but provides no clear safety warnings about privacy exposure or destructive consequences. Given the breadth of Google Workspace access, this omission makes accidental exfiltration, oversharing, and data loss substantially more likely.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The setup instructions direct the user to store OAuth credentials and expose their path via an environment variable, but omit warnings about the sensitivity of the credential file and downstream token generation. This can lead to insecure storage, accidental leakage in logs, or reuse by other local processes.

Credential Access

High
Category
Privilege Escalation
Content
Get credentials at https://clawemail.com — sign up, then visit `/connect/YOUR_PREFIX` to authorize OAuth.

## Getting an Access Token

All API calls need a Bearer token. Use the helper script to refresh and cache it:
Confidence
93% confidence
Finding
Access Token

Session Persistence

Medium
Category
Rogue Agent
Content
---
name: clawemail
description: "Google Workspace via ClawEmail.com service — Gmail, Drive, Docs, Sheets, Slides, Calendar, Forms. Use PROACTIVELY when the user asks to send email, create documents, manage files, schedule events, or work with any Google service."
metadata: {"openclaw":{"emoji":"🦞","requires":{"env":["CLAWEMAIL_CREDENTIALS"]},"primaryEnv":"CLAWEMAIL_CREDENTIALS"}}
---
Confidence
84% confidence
Finding
create documents, manage files, schedule events, or work with any Google service." metadata: {"openclaw":{"emoji":"🦞","requires":{"env":["CLAWEMAIL_CREDENTIALS"]},"primaryEnv":"CLAWEMAIL_CREDENTIALS"}

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.