Back to skill
Skillv1.0.2
VirusTotal security
google-workspace-rave · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 6:06 PM
- Hash
- f8be0bacf290181b414e9cd9fcd16e18dcdbac39d19351380232db63e08ab054
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: google-workspace-rave Version: 1.0.2 The skill provides extensive control over Google Workspace APIs by wrapping the `gws` CLI, requiring high-risk capabilities such as shell execution (`exec`) and network requests (`curl`). The `SKILL.md` file contains specific instructions for the AI agent to manage sensitive OAuth credentials and perform a manual authentication handshake by curling a user-provided URL. While these actions are plausibly needed for the stated purpose, the combination of broad access to private data (Gmail, Drive, etc.) and the requirement for the agent to handle raw credential files and perform unvalidated network calls constitutes a significant security risk.
- External report
- View on VirusTotal