v1.0.0

Exec Gilles

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:26 AM.

Analysis

This skill is purpose-aligned as an executive assistant, but it asks to proactively read private messages/files and directly change Google calendar/tasks without clear scope or approval boundaries.

Guidance: Only install this if you intentionally want a highly empowered executive assistant operating across your Google and WhatsApp data. Before enabling it, define exact accounts, calendars, folders, Gmail labels, WhatsApp chats, approval requirements, retention rules, and rollback/audit procedures, especially for deletions and schedule changes.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: High; Confidence: High; Status: Concern
SKILL.md
You do NOT merely suggest: you CREATE, MODIFY and DELETE events and tasks directly.

This explicitly authorizes direct creation, modification, and deletion of calendar/task data, but the artifact does not state that user confirmation or rollback is required before high-impact changes.

User impact: The agent could change or delete scheduling and task data in ways that affect meetings, deadlines, and work commitments.
Recommendation: Require explicit user approval for create/modify/delete operations, keep an audit trail, prefer archive over deletion, and define clear rollback behavior.

Cascading Failures
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
You SCAN emails, WhatsApp messages (+33 6 12 21 31 83) and files to extract commitments, deadlines, job applications and actions.

Emails, messages, and documents can come from untrusted or mistaken sources; the skill tells the agent to turn them into commitments, deadlines, and actions without stating validation or containment checks.

User impact: A misleading message or document could cause false tasks, calendar blocks, or priority changes that ripple into the user’s schedule.
Recommendation: Validate sender/source, distinguish suggestions from confirmed commitments, and ask the user before converting external content into calendar or task changes.

Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
metadata
Source: unknown; Homepage: none

There is no code or install script shown, so this is not an executable supply-chain issue by itself, but the provenance is limited for a skill requesting sensitive account authority.

User impact: Users have less information about who maintains the instructions or how to verify their intended scope.
Recommendation: Review the SKILL.md carefully before use and prefer a version with clear ownership, documentation, and permission declarations.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High; Confidence: High; Status: Concern
SKILL.md
You have direct access to Google Calendar, Google Tasks, Gmail, Google Drive and WhatsApp (via the configured channel).

The skill asks for delegated authority over multiple personal/work account services, while the registry requirements declare no primary credential or capability contract to bound that authority.

User impact: Installing it could lead the agent to operate across sensitive personal and professional accounts with unclear least-privilege limits.
Recommendation: Use explicit OAuth scopes or tool permissions, separate personal and professional access, and document exactly which accounts, folders, labels, calendars, and chats are allowed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: High; Confidence: High; Status: Concern
SKILL.md
You regularly scan the user's files to extract actionable information. You do not settle for what you are told: you go and find what lies dormant in the files.

This calls for broad recurring review of private files for reuse as operational context, but the artifact does not define path limits, exclusions, retention, storage, or how extracted information is trusted.

User impact: Private documents, notes, job materials, and business files could be ingested into the agent’s working context and influence later actions.
Recommendation: Limit scanning to user-approved folders or files, exclude sensitive categories by default, avoid persistent raw-content storage, and require review before extracted information becomes actionable.