Skill v1.0.0
ClawScan security
Gmail Briefings · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 15, 2026, 3:18 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's instructions expect a third‑party CLI and user config files (which may contain credentials) but the registry metadata does not declare those dependencies or required credentials — this mismatch is concerning.
- Guidance: This skill's instructions expect the 'gog' (himalaya/gog) CLI and to read a local config (~/.config/gog/config.toml) that may contain tokens for your Gmail account, but the registry metadata does not declare these dependencies or credentials. Before installing or enabling:
  1. Verify the skill's source/owner and find an authoritative repository or homepage.
  2. Confirm you have and trust the 'gog' CLI; inspect what credentials it stores in ~/.config/gog/config.toml before allowing the skill to read it.
  3. Ask the maintainer to explicitly declare required binaries, config paths, and any credential usage (or provide an install script).
  4. Ensure the agent is allowed to run only when you invoke it (disable autonomous invocation) until you confirm behavior.
  If you cannot verify these points, treat the skill as risky because it could access sensitive mailbox credentials without making that explicit.
- Findings:
  - [no_scan_findings] expected: Regex scanner found no code files to analyze (skill is instruction-only). This is expected given the package contents, but it means the SKILL.md itself is the primary security surface and must be evaluated for sensitive operations (it references reading config files and running a CLI).
Review Dimensions
- Purpose & Capability (concern): The SKILL.md expects and instructs use of the 'gog' (himalaya/gog) CLI and templates/assets (e.g., assets/ and refs/gmail-filters.md) to read and act on Gmail, but the registry metadata lists no required binaries, no primary credential, and no required config paths. A Gmail triage skill would legitimately need either the gog binary or an explicit OAuth/API credential and a declared config path; those are missing here.
- Instruction Scope (concern): Runtime instructions tell the agent to run commands like 'gog g inbox unread' and to 'read references/gog-sop.md for auth/config', and the referenced file points to '~/.config/gog/config.toml'. That implies reading user config files (likely containing tokens/OAuth state) and running a local CLI with mailbox access — actions that access sensitive data yet are not declared. The SKILL.md also references local assets and other reference files that are not present in the package.
- Install Mechanism (note): There is no install spec (instruction-only), which lowers installation risk, but the lack of an install declaration is inconsistent with the explicit runtime dependency on the external 'gog' CLI. The skill should declare required binaries or provide an install step for gog if it truly depends on it.
- Credentials (concern): The skill declares no required environment variables or credentials, yet instructions reference a config path (~/.config/gog/config.toml) and a specific account (iamjh86@gmail.com). Reading that config could expose OAuth tokens or other secrets. The requested access is disproportionate to what's declared in metadata.
- Persistence & Privilege (ok): The skill does not request always: true or other elevated persistence. It is user-invocable and allows autonomous invocation (default), which is normal for skills — but combined with the other concerns this increases potential impact.
