Google Workspace

Security checks across malware telemetry and agentic risk

Overview

This skill appears to automate Google Workspace as advertised, but it grants broad access to email, Drive, Calendar, and Sheets with limited safety guardrails.

Install only if you intentionally want an agent or CLI to access and modify your Google Workspace data. Use the narrowest possible Google scopes, avoid domain-wide delegation unless an administrator has approved it, store service-account keys and OAuth tokens securely, and require manual confirmation before sending email, deleting calendar events, publicly sharing Drive files, or changing spreadsheets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Tainted flow: 'token_file' from os.environ.get (line 52, credential/environment) → open (file write)

Medium
Category
Data Flow
Content
            else:
                flow = InstalledAppFlow.from_client_secrets_file(creds_file, SCOPES)
                creds = flow.run_local_server(port=0)
            with open(token_file, "w") as f:
                f.write(creds.to_json())
        return creds
Confidence
86% confidence
Finding
with open(token_file, "w") as f:

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill advertises and instructs use of environment variables, file paths, and networked access to Gmail, Drive, Calendar, and Sheets, but does not declare corresponding permissions. That mismatch reduces transparency and can cause an agent or user to invoke a highly privileged integration without clear consent boundaries.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description is extremely broad: it says the skill can read, write, send, and manage the user's entire Google stack, without defining when it should or should not be invoked. In an agent setting, vague trigger boundaries increase the risk of overbroad autonomous actions against sensitive email, files, and calendars.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill enables privacy-impacting and destructive operations such as reading inbox contents, sending mail, sharing Drive files publicly, overwriting Sheets data, and deleting calendar events, but the documentation provides no safety warnings or user-consent guidance. Because the connected services can expose sensitive business and personal data, the lack of warnings makes accidental misuse significantly more dangerous in context.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The setup instructions tell users to place a full service-account JSON, including private key material, directly into an environment variable and mention domain-wide delegation, but do not warn about secret leakage, scope minimization, rotation, or storage hygiene. Exposure of these credentials could grant broad organizational access across Gmail, Calendar, Drive, and Sheets, making the context especially sensitive.

VirusTotal

54/54 vendors flagged this skill as clean.
