Skill v1.0.12

ClawScan security

Recipe Label And Archive Emails · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 31, 2026, 6:36 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's requests and instructions match its stated purpose (labeling and archiving Gmail messages) and nothing in the recipe asks for unrelated access or installs unexpected components.
Guidance
This recipe is coherent with its purpose, but before installing: (1) verify the 'gws' binary is from a trusted source and understand how it stores/uses your Gmail credentials (OAuth tokens); (2) confirm the OAuth scopes granted to gws/gws-gmail are appropriate and limited to the operations you expect; (3) test the commands on a small sample folder or use a safe query to avoid accidentally archiving important mail; and (4) remember the agent will be able to run gws commands when you invoke the skill, so only grant use to trusted agents or run manually if unsure.

Review Dimensions

Purpose & Capability
ok: The skill declares a dependency on the 'gws' binary and the 'gws-gmail' skill, and its instructions use the gws gmail commands — this is exactly what a Gmail-label-and-archive recipe would need.
Instruction Scope
ok: SKILL.md only instructs listing messages (with a Gmail query), adding label IDs, and removing the INBOX label to archive. It does not instruct reading unrelated files, exfiltrating data, or contacting external endpoints beyond the Gmail API via the gws tool. Placeholders (MESSAGE_ID, LABEL_ID) are expected and must be filled at runtime.
Install Mechanism
ok: There is no install spec (instruction-only), so nothing is downloaded or written by the skill itself. This minimizes installation risk.
Credentials
ok: The skill requests no environment variables or credentials itself. It relies on the existing 'gws' tool and its authorization to act on Gmail, which is appropriate for the described task — ensure the gws/gws-gmail credential scope is limited to Gmail operations.
Persistence & Privilege
ok: 'always' is false and the skill is user-invocable; it does not request persistent or system-wide privileges. Autonomous invocation is allowed by default (platform behavior) but is not combined here with unusual credential access.