Skill v1.0.0
ClawScan security
Praxis Google Workspace · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Feb 22, 2026, 7:35 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The CLI appears to implement the advertised Gmail/Calendar/Drive functions, but there are implementation and packaging inconsistencies (notably a hard-coded global require path for the googleapis module and missing declared runtime requirements) that warrant caution before installing or running it.
- Guidance: This CLI largely does what it claims, but take these precautions before installing or running it:
  1. Inspect the included script yourself — pay attention to the line that requires googleapis from a global path (it forces a global installation and could load a tampered global package).
  2. Ensure Node.js is installed and consider installing dependencies locally rather than globally, or modify the script to require('googleapis') normally.
  3. Create a dedicated Google Cloud project and OAuth client for this tool and review the OAuth consent screen before clicking through 'unverified app' warnings.
  4. Be aware that tokens/credentials will be stored under ~/.config/praxis-gws — protect or isolate that directory.
  5. Prefer running this in an isolated account/container if you cannot verify the source.
  6. Higher confidence would require a trusted source URL, publisher identity, or an install spec that doesn't rely on global modules.
Review Dimensions
- Purpose & Capability (note): The script's behavior (Gmail, Calendar, Drive operations) matches the skill description and required OAuth scopes. However, the registry metadata claims no required binaries while the SKILL.md and code require Node.js and the 'googleapis' package; the description calling this the 'official' wrapper is ambiguous (it uses Google's official library, but the CLI itself is a third-party script).
- Instruction Scope (ok): SKILL.md instructions are focused on obtaining OAuth credentials, configuring the CLI, and using Gmail/Calendar/Drive commands. It explicitly tells the user how to run the OAuth flow and where tokens are stored. It does instruct the user to click through the 'unverified app' warning, which is a normal but security-sensitive step for unverified OAuth clients.
- Install Mechanism (concern): There is no formal install spec in registry metadata; SKILL.md recommends 'npm install -g googleapis' and the script loads googleapis via an absolute/global path (process.env.PREFIX || '/usr/local' + '/lib/node_modules/googleapis/...'). Relying on a global install and forcing a specific global path is fragile and unusual — it increases risk because global modules can be modified by other users/administrators and could cause the script to load a different package than expected.
- Credentials (note): The script does not request unrelated credentials; it requires user-provided Google OAuth client credentials and stores tokens locally (~/.config/praxis-gws/token.json). The OAuth scopes (gmail.modify, calendar, drive.readonly) are broad but consistent with the advertised features (sending/modifying mail, creating events, reading Drive). The skill uses the environment variables PREFIX and HOME implicitly; these are not declared in metadata but are typical and not sensitive.
- Persistence & Privilege (ok): The skill's always flag is false and the skill does not request elevated platform privileges. It persists OAuth tokens and credentials under the user's home (~/.config/praxis-gws), which is expected. It does not modify other skills or system-wide configs beyond creating that directory.
