Gws Chat

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward Google Chat command reference, but it can guide an agent to perform powerful actions like deleting Chat spaces if the user authorizes them.

Install this only if you want an agent to help manage Google Chat through the `gws` CLI. Before using it, review the referenced shared GWS auth/security instructions, confirm which Google account and scopes are active, and require explicit confirmation before deleting spaces, changing memberships, uploading media, or using admin-access options.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 87% confidence
Finding: The skill documents a destructive `spaces delete` capability that performs a cascading delete of messages and memberships, but it provides no cautionary language, confirmation guidance, or safe-usage constraints. In an agent skill context, this increases the chance that an automated system or user invokes irreversible deletion without understanding the blast radius.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal