Google Workspace (No Cloud Console)
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This appears to be a Google Workspace connector, but it delegates broad Google account access to an unpinned external npm MCP package and lacks clear guardrails for account-changing actions.
Review this skill carefully before installing. Use it only if you trust the npm package and OAuth app, inspect the Google consent scopes, require confirmation before account-changing actions, and consider using a dedicated or low-risk Google account. If uninstalling, clear the stored credentials and revoke the OAuth grant from your Google account.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A changed or compromised npm package version could run locally and handle the user's Google OAuth session and Workspace data.
The runnable MCP code is fetched and executed from an unpinned npm package, while the artifact set contains only SKILL.md and no package code for review.
npm install -g @presto-ai/google-workspace-mcp mcporter config add google-workspace --command "npx" --arg "-y" --arg "@presto-ai/google-workspace-mcp" --scope home
Only install after verifying the package publisher and source; prefer a pinned version and review the package before authorizing Google access.
The agent or MCP server may be able to read sensitive Google data and perform actions as the signed-in Google user, depending on granted OAuth scopes.
The skill uses persistent Google OAuth credentials for broad delegated account access, including mail, calendar, and chat actions, even though registry requirements list no primary credential.
On first use, it opens a browser for Google OAuth. Credentials stored in `~/.config/google-workspace-mcp/` ... Gmail: gmail.search, gmail.get, gmail.send ... Calendar: calendar.createEvent, calendar.updateEvent, calendar.deleteEvent ... Chat: chat.sendMessage
Review the Google consent screen carefully, use the least-privileged account possible, and revoke the OAuth grant if the skill is no longer needed.
A mistaken or over-eager agent action could send emails or chat messages, change documents, modify Gmail state, or alter calendar events.
The exposed tools include high-impact mutation and messaging operations, but the instructions do not state that the agent must ask for explicit user confirmation before using them.
docs.insertText, docs.appendText, docs.replaceText ... calendar.updateEvent, calendar.deleteEvent ... gmail.send, gmail.modify ... chat.sendMessage, chat.sendDm
Require explicit user approval before any send, delete, update, or write action, and test first with low-risk accounts or data.
Emails, documents, spreadsheets, and other Workspace content returned by tools may enter the agent session where they can be used in later reasoning.
Sensitive Google Workspace content is routed through a local MCP tool bridge, which is expected for this integration but important for users to understand.
Uses `@presto-ai/google-workspace-mcp` ... mcporter call --server google-workspace --tool "gmail.get" ... docs.getText ... sheets.getText
Avoid retrieving unnecessary sensitive content and limit use to workspaces/accounts where this data flow is acceptable.