Back to skill
Skillv1.0.12
ClawScan security
Recipe Forward Labeled Emails · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 31, 2026, 6:36 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's declared purpose (find Gmail messages with a label and forward them) matches its instructions and requirements; nothing requested is disproportionate or unrelated to that task.
- Guidance
- This recipe is coherent: it uses the gws CLI and gws-gmail to list, read, and forward labeled Gmail messages. Before installing, confirm you trust the gws/gws-gmail tooling and understand its authentication (OAuth tokens) and scopes. Note the recipe as written will forward full message content (and likely attachments) to manager@company.com — edit the label, recipient, or add filtering/sanitization if needed to avoid leaking sensitive data. Also check organizational policy about auto-forwarding emails and whether the skill might be invoked automatically by agents (model invocation is allowed by default).
Review Dimensions
- Purpose & Capability
- okName/description match the runtime steps. The declared required binary (gws) and dependency on the gws-gmail skill are appropriate for accessing and sending Gmail messages.
- Instruction Scope
- noteInstructions only invoke gws gmail commands to list, fetch, and send messages, which is within the stated purpose. The recipe hardcodes a query (label:needs-review) and a recipient (manager@company.com) and does not mention handling attachments, headers, or sanitization of message contents — so forwarded content may include sensitive data unless the operator changes the recipe.
- Install Mechanism
- okInstruction-only skill with no install spec or downloads; nothing is written to disk by the skill itself.
- Credentials
- noteNo environment variables or credentials are declared by this skill; Gmail authentication is presumably handled by the gws/gws-gmail tooling. This is consistent but you should confirm gws-gmail's auth scope and storage because forwarding requires access to mailbox contents.
- Persistence & Privilege
- okalways is false and the skill does not request persistent or system-wide privileges. Model invocation is allowed (the platform default) but that alone is not a red flag here.