asdasdsad
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The tool may be able to access email, calendar, Drive files, contacts, Sheets, and Docs depending on the OAuth scopes granted.
The skill asks the user to authorize a Google account for multiple Workspace services. This is purpose-aligned, but it grants broad delegated account access.
`gog auth add you@gmail.com --services gmail,calendar,drive,contacts,sheets,docs`
Authorize only the services you need, use a dedicated or least-privileged Google account when possible, and revoke the OAuth grant when no longer needed.
A mistaken or overbroad command could send unwanted messages or change Google Workspace data.
The documented CLI can perform high-impact actions such as sending email and modifying or clearing spreadsheet ranges. These examples are disclosed and user-directed.
`gog gmail send ...`; `gog sheets update ...`; `gog sheets clear <sheetId> "Tab!A2:Z"`
Require explicit user confirmation before send, create, update, append, clear, copy, or other write operations, especially when using scripts.
Security depends on the installed `gog` binary and its Homebrew formula, not just this instruction file.
The skill depends on an external Homebrew tap and provides no local implementation files for review. This is expected for a CLI wrapper but leaves upstream provenance to the user.
brew | formula: steipete/tap/gogcli | creates binaries: gog
Review the upstream project, Homebrew formula, and requested OAuth permissions before installing or authenticating.