v0.1.0

Gmail

Benign
ClawScan verdict for this skill. Analyzed May 2, 2026, 8:30 PM.

Analysis

This is a coherent Gmail integration that uses ClawLink for account connection and email actions, but users should notice that it grants sensitive mailbox access and can send or modify email after confirmation.

Guidance: Before installing, make sure you trust ClawLink and the ClawLink plugin, review the Google permissions you approve, and carefully confirm previews before any email is sent, deleted, archived, relabeled, or changed in bulk.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Note
SKILL.md
For sends, replies, forwards, draft creation, label changes, archive/delete actions, signature changes, or anything marked as requiring confirmation, call `clawlink_preview_tool` first, then confirm with the user.

The skill can invoke tools that send or alter email. The artifact includes appropriate preview and confirmation safeguards, so this is purpose-aligned rather than a concern.

User impact: If the user confirms the wrong preview, the agent could send, archive, delete, relabel, or otherwise change Gmail messages.
Recommendation: Check previews carefully, especially recipients, thread IDs, labels, and bulk operations, before confirming any write action.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`

The skill depends on an external plugin that is not included in the scanned artifact set. The installation is user-directed and aligned with the skill purpose, but the plugin itself is outside this review.

User impact: Using the skill requires trusting the ClawLink plugin and its distribution source in addition to this instruction-only skill.
Recommendation: Install the plugin only from the trusted ClawHub source and review ClawLink documentation or verification information before connecting Gmail.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
SKILL.md
Tell the user to open https://claw-link.dev/dashboard?add=gmail and connect Gmail there... Google sign-in and consent.

The skill requires delegated Gmail account access through a third-party connection flow. This is expected for a Gmail tool, but it gives the integration authority over sensitive mailbox data and actions within the approved scopes.

User impact: Connecting Gmail may allow ClawLink-powered tools to read mailbox content and perform account actions such as sending or managing messages, depending on the scopes the user approves.
Recommendation: Review the Google consent screen carefully, connect only the intended Gmail account, and revoke the integration if it is no longer needed.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Note
SKILL.md
Powered by [ClawLink](https://claw-link.dev), an integration hub for OpenClaw that handles hosted connection flows and credentials... The resulting device credential is stored locally in OpenClaw's plugin config and is only sent to `claw-link.dev`.

Gmail access and device credentials are mediated through the ClawLink provider. This data flow is disclosed and expected, but it involves sensitive credentials and email data crossing a third-party integration boundary.

User impact: Mailbox data and authorization state may be processed through ClawLink rather than staying entirely local to OpenClaw.
Recommendation: Review ClawLink's trust, privacy, and security documentation, do not paste raw credentials into chat, and disconnect or revoke access when finished.