Google Power Tools

Security checks across malware telemetry and agentic risk

Overview

This is a real Google Workspace helper, but it asks for broad account access and shows high-impact actions without enough scoping or confirmation guidance.

Install only if you intentionally want an agent to help operate a real Google Workspace account. Use the narrowest OAuth scopes you can, protect ~/.config/gws, verify the npm package source, and require explicit confirmation before sending email, changing sharing, deleting files/events/tasks, clearing tasks or sheet ranges, or making bulk edits.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (6)

Vague Triggers

High
Confidence: 96%
Finding
The skill description explicitly instructs the agent to use this skill for a very broad set of common terms, including generic words like 'email', 'spreadsheet', 'presentation', and even any Google Workspace operation 'even if they don't say gws'. This can cause unintended invocation for ambiguous requests and route sensitive mailbox, file, calendar, or contact operations through a high-privilege tool without sufficiently specific user intent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documentation presents many state-changing and data-accessing commands for email, files, calendars, tasks, contacts, and forms, but does not pair them with consistent warnings or confirmation guidance for operations that can send messages, modify data, share content, or expose private information. In an agent setting, this increases the chance of privacy-impacting or destructive actions being performed without the user understanding the consequences.

Missing User Warnings

Medium
Confidence: 95%
Finding
The reference documentation includes destructive calendar operations such as event deletion and modification without any cautionary note, confirmation guidance, or examples of safer read-only alternatives. In an agent skill context, this increases the risk that an automated system or user will invoke state-changing commands on real Google Calendar data without appreciating the consequences, leading to accidental data loss or disruption.

Missing User Warnings

High
Confidence: 98%
Finding
The example shows `gws calendar calendars delete` with no warning that deleting a calendar can permanently remove access to calendar contents and disrupt users, workflows, and shared scheduling. Because this skill is explicitly intended for Google Workspace operations, the example is more dangerous than generic shell documentation: an agent or user may treat it as a normal supported action and execute it against production calendars.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documentation explicitly shows how to list Google Forms responses, which can expose sensitive submitted data such as names, contact details, free-text responses, or other personal information. In a skill designed to broadly handle Google Workspace operations, presenting response-access commands without any warning, consent guidance, or least-privilege constraints increases the risk of unauthorized or overbroad data access.

Missing User Warnings

Medium
Confidence: 88%
Finding
The reference includes direct examples for deleting a single task and clearing all tasks from the default tasklist without any warning, confirmation step, or indication that these actions are irreversible. In an agent skill context, operators or downstream agents may copy these commands verbatim, increasing the chance of accidental destructive actions against real user data.

VirusTotal

64/64 vendors flagged this skill as clean.
