Security audit
Google Photos
Security checks across malware telemetry and agentic risk
Overview
This skill is a clearly disclosed Google Photos integration that uses ClawLink OAuth and asks for confirmation before photo or album changes.
Install this only if you are comfortable using ClawLink as the hosted OAuth provider for Google Photos. Review the Google account permissions during connection, and confirm any upload, album change, or media update before the agent executes it.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
59/59 vendors flagged this skill as clean.
Static analysis
No suspicious patterns detected.
