Andrew Google Tasks
Pass
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent Google Tasks integration, but authorizing it lets the agent read and change your Google Tasks and stores an OAuth token locally.
Install this only if you are comfortable granting Google Tasks OAuth access to the agent. The provided code appears focused on Google Tasks and does not show hidden exfiltration or background behavior, but you should protect the local token file and use explicit confirmation for task deletion or other changes.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After authorization, the agent can access Google Tasks within this scope and the token remains on disk for future use.
The skill requires Google OAuth credentials and stores a reusable token for the full Google Tasks scope. This is expected for managing tasks, but it grants account authority.
SCOPES = ['https://www.googleapis.com/auth/tasks']
CREDENTIALS_FILE = Path.home() / '.google-credentials.json'
TOKEN_FILE = Path.home() / '.google-tasks-token.pickle'
Only authorize an account you intend to use with this skill, keep the token file private, and revoke the Google OAuth grant if you stop using it.
If the agent is asked or allowed to act on tasks, it can modify or delete items in the authorized Google Tasks account.
The skill exposes API operations that create, update, and delete Google Tasks. These operations match the stated purpose, but they can change user data.
created_task = service.tasks().insert(...).execute()
updated_task = service.tasks().update(...).execute()
service.tasks().delete(tasklist=tasklist_id, task=task_id).execute()
Review task-changing requests carefully, especially deletes or bulk changes, and prefer explicit user confirmation for destructive actions.
The installed package versions may vary depending on when setup is run.
The setup instructions install external Python packages without pinned versions. This is normal for a Google API integration, but the exact dependency versions are not fixed in the artifacts.
pip install google-api-python-client google-auth-httplib2 google-auth-oauthlib
Install from trusted package indexes and consider pinning or reviewing package versions in controlled environments.
A malicious local token file could run code when the skill loads it, assuming an attacker can modify that file.
The skill deserializes a local pickle token file. This is a common local token-cache pattern, but pickle.load invokes whatever callables the file names, so anyone who can replace or tamper with the token file can run code in the agent's process the next time the skill loads it.
with open(TOKEN_FILE, 'rb') as token:
    creds = pickle.load(token)
Do not copy token pickle files from untrusted sources; keep the token file protected and consider safer serialization for future revisions.
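The following is an added example, not code from the skill or from ClawScan. It shows why the pickle finding above matters and what "safer serialization" and "keep the token file private" (the token-storage finding) look like in practice: a constructed token file whose `__reduce__` payload runs during pickle.load, beside a stdlib-only JSON cache that is written 0600, checks ownership and permissions on read, and refuses pickle data outright. The payload function, file names and the sample token value are constructed for the demonstration; a real attacker would reduce to os.system or subprocess instead. The skill itself could make the same switch with google-auth's own Credentials.to_json() and Credentials.from_authorized_user_file(), which this example does not import so that it runs offline.

```python
"""Added example (not the skill's code): pickle token cache vs. a JSON cache."""
import json
import os
import pickle
import stat
import tempfile
from pathlib import Path

EXECUTED = []  # records side effects that happen purely because a file was unpickled


def _attacker_payload(tag):
    """Stand-in for os.system/subprocess: runs inside pickle.load, before the
    caller ever sees the returned object. Constructed for the demo."""
    EXECUTED.append(tag)
    return {"token": "attacker-chosen"}


class TamperedToken:
    # pickle stores (callable, args) and calls it on load; both are attacker-chosen
    def __reduce__(self):
        return (_attacker_payload, ("ran-on-load",))


def write_tampered_pickle(path: Path) -> None:
    """Constructed malicious token file, as someone with write access to
    ~/.google-tasks-token.pickle could plant it."""
    path.write_bytes(pickle.dumps(TamperedToken()))


def load_token_unsafe(path: Path):
    """The skill's pattern: pickle.load on a file controlled by whoever can write it."""
    with open(path, "rb") as token:
        return pickle.load(token)


def save_token_json(path: Path, data: dict) -> None:
    """Safer cache: plain JSON, created 0600 so other local users cannot read it."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(data, f)
    os.chmod(path, 0o600)  # the file may have pre-existed with looser bits


def load_token_json(path: Path) -> dict:
    """Refuse a cache that is not ours, is readable by others, or is a pickle."""
    st = os.stat(path)
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise PermissionError(f"{path} is not owned by the current user")
    if st.st_mode & 0o077:
        raise PermissionError(f"{path} is readable by others: {stat.filemode(st.st_mode)}")
    raw = path.read_bytes()
    if raw[:1] == b"\x80":  # protocol >= 2 pickle header; JSON never starts with it
        raise ValueError(f"{path} looks like a pickle, refusing to load")
    data = json.loads(raw)  # older pickles fail here too: JSONDecodeError is a ValueError
    if not isinstance(data, dict):
        raise ValueError("token cache must be a JSON object")
    return data  # json.loads only builds dicts/lists/strings; it cannot run code


def demo() -> tuple:
    """Run both paths in a temp dir and return what each one did."""
    EXECUTED.clear()
    with tempfile.TemporaryDirectory() as d:
        bad = Path(d) / "google-tasks-token.pickle"
        write_tampered_pickle(bad)
        unsafe_result = load_token_unsafe(bad)  # payload fires here, silently
        ran = list(EXECUTED)

        good = Path(d) / "google-tasks-token.json"
        save_token_json(good, {"token": "ya29.example",  # constructed value
                               "scopes": ["https://www.googleapis.com/auth/tasks"]})
        mode = stat.S_IMODE(os.stat(good).st_mode)
        loaded = load_token_json(good)

        os.chmod(bad, 0o600)  # even with correct permissions, pickle data is refused
        try:
            load_token_json(bad)
            refused = False
        except ValueError:
            refused = True
        return ran, unsafe_result, mode, loaded["token"], refused


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the unsafe loader returning an attacker-chosen object after the payload has already executed, while the JSON loader returns the saved token from a 0600 file and rejects the pickle before parsing it. Revoking the Google grant (as the first finding recommends) is still the only remedy once a token file has leaked, since the permission checks only limit who can read it going forward.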
