Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Human Google Manager

v2.0.0

Manages Gmail, Calendar, Sheets, Docs, Drive, Contacts, and Tasks with human touch, mandatory confirmation, and automatic to-do detection.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (high confidence)
! Purpose & Capability
The SKILL.md describes managing Gmail, Calendar, Drive, Sheets, Docs, Contacts, and Tasks (send emails, move events, update sheets, create docs, create tasks). Those capabilities inherently require OAuth tokens or API credentials and explicit consent/scopes for Google Workspace. The skill's metadata and manifest declare no required env vars, no primary credential, and no config paths. That is incoherent: to perform the described actions the skill must receive access to the user's Google account, but the package does not declare how this will be provided or restricted.
! Instruction Scope
The runtime instructions are prescriptive about actions the agent should take (prepare drafts, auto-detect to-dos, create tasks, resend invites) and correctly require user confirmation before executing. However they assume availability of tools named gmail, google_calendar, google_sheets, google_docs, google_drive, google_contacts, google_tasks without documenting authentication, which expands the agent's runtime authority in practice. The instructions also mandate automatically 'scanning every user request for actionable items' — benign in intent, but the scope of what the agent will examine is broad and could surface sensitive data; without details on which account/context is used this is concerning.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That minimizes disk-level risk (nothing is downloaded or written by the skill package itself). However it also means there is nothing to audit for implementation details (how auth is done, where tokens are stored), increasing uncertainty.
! Credentials
No environment variables, credentials, or config paths are declared even though the skill's functionality requires access tokens and scopes for multiple Google APIs. The absence of declared credentials is disproportionate to the complexity and privilege required (send/read email, edit docs/sheets, manage calendar events and contacts). It's unclear whether the platform will inject credentials, whether OAuth flows are expected, or whether the skill would request credentials interactively — this is a significant gap.
Persistence & Privilege
The skill does not request always:true, does not include an install script, and is user-invocable only. Those are appropriate for this type of assistant. Note: autonomous invocation (model-invocation enabled) is platform-default; weigh that together with the credential questions above before granting broad permissions.
What to consider before installing
Do not install or enable this skill until the author/platform documents how Google authentication and scopes are handled. Ask these specific questions:
(1) How will OAuth tokens be obtained and where are they stored?
(2) What exact Google API scopes will be requested (e.g., gmail.send, calendar.events, drive.file, contacts)?
(3) Will you need to paste raw credentials or client secrets — if so, refuse until an OAuth consent flow is used; never share raw passwords or long-lived keys.
(4) Does the platform enforce the SKILL.md confirmation protocol (show drafts and require explicit user confirmation) or can the skill act autonomously?
(5) Where are logs and audit trails kept, and how can I revoke the skill's access?
Because this package has no install code to audit, verify the skill's owner identity and prefer granting access from a test/limited Google account first. If the author cannot clearly explain the auth model and scopes, treat the skill as unsafe to grant workspace access.

Like a lobster shell, security has layers — review code before you run it.
