ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

google-workspace-rave

v1.0.2

Manage Google Workspace via the `gws` CLI — Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, Tasks, Meet, Slides, Forms, Contacts, and every other Workspac...

0· 52·0 current·0 all-time
by@eladrave
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description claim to wrap the official `gws` CLI and the skill declares the `gws` binary and installs @googleworkspace/cli via npm — this is consistent. However, package/metadata inconsistencies exist: the registry metadata (owner id, slug, version) does not match values in _meta.json and README, and there's no homepage. That mismatch suggests the skill may have been repackaged or modified without clear provenance.
Instruction Scope
SKILL.md explicitly instructs the agent to request the user's Google Cloud OAuth client_secret.json, save it to the workspace, run `gws auth login` (via exec), extract and forward the OAuth login URL, and then curl the localhost callback URL provided by the user to complete the handshake. Those steps are required to obtain OAuth tokens for workspace management, so they are within the skill's purpose — but they involve collecting and storing sensitive credentials and an auth callback URL (which encodes authorization data). The instructions give the agent direct, unsupervised authority to handle secrets and to perform network operations, which raises confidentiality and exfiltration risk.
Install Mechanism
Install uses npm to install @googleworkspace/cli and creates the `gws` binary. Using npm for a CLI wrapper is expected and traceable; this is a common and proportionate install method. Note that npm packages are a moderate-risk install vector compared with trusted package repos, so verifying package origin is prudent.
Credentials
The skill does not require unrelated environment variables or credentials beyond what the gws workflow reasonably needs (credentials file, token, or service account JSON). The SKILL.md documents optional env vars like GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE and token usage. Requiring or asking for OAuth client_secret.json and exported credentials is proportionate to the declared functionality but is sensitive and should be minimized (prefer service accounts or pre-provisioned credentials).
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It instructs the agent to write credentials.json into the workspace (its own working area), which is normal for credential-driven CLI usage, but storing credentials in the agent workspace increases the risk that other skills or logs could access them — consider filesystem protections and least-privilege practices.
What to consider before installing
This skill appears to be a legitimate wrapper for the gws CLI, but exercise caution before installing or handing over credentials. Actions to consider before proceeding: - Verify provenance: the registry metadata, _meta.json, and README disagree on owner/slug/version and there is no homepage; prefer skills with clear, consistent provenance. - Prefer safer auth flows: do the OAuth handshake on a machine you control (desktop with browser), then export a limited credentials file or use a service account with narrowly scoped permissions rather than pasting client_secret.json into chat. - Minimize scope: when running `gws auth login`, request only the scopes you need instead of granting broad access. - Do not paste long-lived secrets or private keys into chat. If you must provide credentials, restrict file permissions (chmod 600), store them outside shared workspaces, and add them to .gitignore as advised. - Inspect the npm package (@googleworkspace/cli) on the upstream registry/GitHub to confirm it’s the expected project and review recent releases/maintainers. - Treat any localhost callback URL or token the agent receives as sensitive; assume it could be exposed if the agent or workspace is compromised. If you want to proceed but reduce risk: perform authentication locally, export the minimal credentials file, then set GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE in the target environment rather than uploading secrets through the agent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97485fve08qrerse3vdbaka4s83n35m

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Binsgws

Install

Install Google Workspace CLI (npm)
Bins: gws
npm i -g @googleworkspace/cli

Comments