Google Drive based RAG

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This appears to be a coherent Google Drive RAG skill, but it will use Google Drive/Gemini access and persist indexed document text locally.

Use this skill only if you are comfortable granting the Google Workspace CLI access to the intended Drive account/folder, sending synced content to Gemini, and keeping a local searchable index. Consider using a dedicated Drive folder, checking shortcuts/subfolders before syncing, and deleting .env or vector_db.json when no longer needed.

Static analysis

Dangerous exec

Critical
Finding: Shell command execution detected (child_process).

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the CLI is authenticated to the wrong Google account or the folder ID is broader than intended, the agent could read or write more Drive content than the user expects.

Why it was flagged

The skill uses an authenticated Google Workspace CLI to download and upload Drive files. That is expected for the stated purpose, but it relies on the user's Google account authority.

Skill content

gws drive files get --params '{"fileId": "<FILE_ID>", "alt": "media"}'
...
gws drive files create --json '{"name": "filename.pdf", "parents": ["<FILECHAT_DRIVE_FOLDER_ID>"]}' --upload /path/to/uploaded/file.pdf

Recommendation

Authenticate gws only to the intended Google account, use a dedicated Drive folder when possible, and review file download/upload requests before approving them.

What this means

Private document contents from the synced Drive folder can remain available to later chats through the local index.

Why it was flagged

The sync process stores extracted document text chunks, filenames, file IDs, and embeddings in a persistent local JSON database for future retrieval.

Skill content

db.push({ fileId: targetId, filename: filePath, chunkIndex: i, text: c, embedding: emb });
...
fs.writeFileSync(DB_PATH, JSON.stringify(db));

Recommendation

Only sync folders intended for this assistant, inspect subfolders and shortcuts, and delete vector_db.json if you no longer want the local index retained.

What this means

Synced document text or image contents may be processed by Google's Gemini services, not only kept in Google Drive or locally.

Why it was flagged

Document text chunks are submitted to Google's Gemini embedding API; image OCR similarly uses Gemini Flash. This is disclosed by the skill's Gemini API requirement and is purpose-aligned.

Skill content

body: JSON.stringify({ model: "models/text-embedding-004", content: { parts: [{ text: text }] } })

Recommendation

Review the Gemini API data handling policy and avoid syncing documents you do not want sent to the embedding/OCR provider.

What this means

A compromised dependency, CLI, or unexpected command input could affect the local workspace during sync.

Why it was flagged

The code executes constructed shell commands to call the Google Workspace CLI. This matches the Drive sync purpose, but shell execution is a sensitive mechanism.

Skill content

const res = execSync(cmd, { encoding: 'utf-8', stdio: 'pipe' });

Recommendation

Install dependencies from trusted sources and keep the configured Drive folder ID and file IDs limited to expected Google Drive values.

What this means

Future dependency resolution could install different package versions than the reviewer saw here.

Why it was flagged

The install path pulls npm-based tooling and dependencies. That is normal for this Node skill, but the artifacts do not pin every installed package version in the skill metadata.

Skill content

package: "@googleworkspace/cli"
...
script: "cd ./skills/filechat && npm install"

Recommendation

Prefer reviewed lockfiles or pinned dependency versions for reproducible installs, especially because the skill handles Drive content.