Google Chat

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked with the wrong message or destination, the agent could post unwanted information to a Google Chat space or another supplied webhook endpoint.

Why it was flagged

The helper sends a user-supplied message to a user-supplied webhook URL. This is the intended function, but it is still an outbound posting capability.

Skill content

webhook_url = sys.argv[1]
message = sys.argv[2]
...
req = urllib.request.Request(url, data=data, headers=headers)
...
urllib.request.urlopen(req)

Recommendation

Use only trusted Google Chat webhook URLs and verify the message content and destination before sending.

What this means

The saved token can let the skill continue sending messages and listing accessible Chat spaces/memberships until the token is removed or access is revoked.

Why it was flagged

The OAuth flow requests permission to send messages, access spaces, read memberships, and stores the resulting token for later reuse.

Skill content

SCOPES = ['https://www.googleapis.com/auth/chat.messages', 'https://www.googleapis.com/auth/chat.spaces', 'https://www.googleapis.com/auth/chat.memberships.readonly']
...
with open(token_path, 'w') as token:
    token.write(creds.to_json())

Recommendation

Store the token file securely, use the least-privileged Google account appropriate for the task, and revoke/delete the token when no longer needed.

What this means

Future package changes or a compromised local Python environment could affect the behavior of the helper scripts.

Why it was flagged

The setup instructions install external Python packages without version pins. This is expected for a Google API integration but leaves dependency provenance and versions to the user environment.

Skill content

pip install google-auth-oauthlib google-auth-httplib2 google-api-python-client

Recommendation

Install dependencies in a virtual environment and consider pinning known-good versions if using this in production.