ClawHub

Google Chat

Security checks across malware telemetry and agentic risk

Overview

This skill is a clear Google Chat messaging helper, with expected risks around protecting chat destinations, webhook URLs, and OAuth tokens.

Before installing, treat webhook URLs, OAuth credentials, and token files as secrets. Confirm the destination and message content before sending, avoid posting secrets or regulated data unless approved, use the least-privileged Google account or app suitable for the task, and revoke/delete OAuth tokens when the skill is no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The documentation says DMs cannot be created dynamically by email, but later provides an example using --dm with an email address. This contradiction can mislead users into believing the skill supports direct user targeting, increasing the risk of misrouted messages, failed automations, or unsafe workarounds involving broader scopes or ad hoc code changes.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The README explicitly instructs users to send messages to Google Chat via webhooks and OAuth but does not warn that message content, recipient identifiers, space metadata, and OAuth-granted workspace data will be transmitted to Google services. In a messaging/integration skill this is expected functionality, but the missing disclosure can still cause users to unknowingly route sensitive information to a third party or grant broader access than they realize.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill encourages sending arbitrary messages to Google Chat and storing OAuth credentials and tokens locally, but does not prominently warn users about sensitive data exposure, third-party transmission, or secure handling of credential files. In practice, users may paste secrets, alerts, internal links, or personal data into messages and leave long-lived tokens readable on disk.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal