Back to skill
Skillv1.0.0
VirusTotal security
Praxis Google Workspace · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:21 AM
- Hash
- 5e467a98f417e99cac85fe289f4af66d4b01d704a1ca44db1591299ff898c70b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: praxis-gws Version: 1.0.0 The skill is classified as suspicious due to its broad API permissions and the direct passing of user/agent-controlled input to powerful Google Workspace APIs without explicit sanitization within the skill's code. While the `SKILL.md` documentation is benign and the `scripts/praxis-gws.js` code uses official libraries and performs legitimate file operations for configuration, the combination of `gmail.modify`, `calendar`, and `drive.readonly` scopes allows for significant actions (sending emails, managing calendars, reading drive files). This makes the skill a powerful tool that could be abused by a prompt-injected AI agent to perform harmful actions via API abuse, such as sending phishing emails or searching for sensitive documents, even though the skill itself does not exhibit malicious intent.
- External report
- View on VirusTotal