Google Drive
AdvisoryAudited by Static analysis on May 3, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill alone is not enough; the user must also trust and install the ClawLink plugin.
The skill relies on an external plugin that is not bundled in the reviewed artifact set. The install is user-directed and central to the stated purpose, so this is a supply-chain notice rather than a concern.
Install the verified ClawLink plugin: `openclaw plugins install clawhub:clawlink-plugin`
Install the ClawLink plugin only from the expected ClawHub source and review ClawLink’s documentation/source if needed.
After pairing, OpenClaw can use ClawLink to access the connected Google Drive according to the approved scopes.
The skill requires a persistent ClawLink credential and a connected Google Drive account. This is expected for the integration and explicitly disclosed, but it grants delegated account access.
Pairing stores a local ClawLink credential in OpenClaw's plugin config so future tool calls can work.
Review the Google consent screen and ClawLink connection settings, and revoke the connection when you no longer need it.
If approved, the agent may create, move, copy, upload, share, or delete Google Drive items.
The skill can coordinate actions that modify Drive contents or sharing state. The artifact includes confirmation requirements and preview guidance, making the capability disclosed and purpose-aligned.
Ask for confirmation before uploads, file creation, sharing changes, moves, copies, or deletes.
Confirm Drive changes only after checking the target files, folders, sharing recipients, and expected outcome.
Drive queries and action requests may pass through ClawLink’s integration layer.
Google Drive access is mediated through a third-party integration hub. This is disclosed and purpose-aligned, but it means credential and tool-call boundaries depend on ClawLink.
Powered by [ClawLink](https://claw-link.dev), an integration hub for OpenClaw that handles hosted connection flows and credentials
Use ClawLink only if you trust it to broker Google Drive access, and review its verification, source, and documentation links.