v1.0.0

Google Photos Manager for OpenClaw

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:14 AM.

Analysis

The skill mostly matches its Google Photos purpose, but it should be reviewed because it stores and reloads OAuth tokens with Python pickle, which can execute code if the token file is unsafe.

Guidance: Review this skill before installing. Its Google Photos functions are coherent, but only use token files you created and trust, store OAuth files in a private location, verify the requested Google OAuth scopes, and set up dependencies from trusted sources.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Unexpected Code Execution
Severity: Medium | Confidence: High | Status: Concern
scripts/gphotos.py
if os.path.exists(token_path):
    with open(token_path, 'rb') as token:
        creds = pickle.load(token)

The script deserializes the local token file with pickle. Pickle files can execute code when loaded, so a malicious or tampered token file could cause code execution when the skill runs.

User impact: If the token file path points to an unsafe pickle file, running the skill could execute unintended local code, not just authenticate to Google Photos.
Recommendation: Use a safer token format if possible, such as JSON or the standard OAuth credential serialization methods, and only load token files created by this skill in a private, trusted location.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
scripts/gphotos.py
#!/home/jorge/.openclaw/workspace/skills/google-photos/venv/bin/python3
import requests
from google_auth_oauthlib.flow import InstalledAppFlow

The script references a specific developer-local virtualenv path and depends on external Python packages, while the supplied install spec declares no install mechanism.

User impact: The skill may require manual dependency setup, and users should verify what packages and versions they install before running it.
Recommendation: Prefer a clear install spec or a documented, pinned dependency list, and run the script with a trusted local Python environment.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
scripts/gphotos.py
SCOPES = ['https://www.googleapis.com/auth/photoslibrary.appendonly',
          'https://www.googleapis.com/auth/photoslibrary.readonly.appcreateddata',
          'https://www.googleapis.com/auth/photoslibrary.sharing']

The skill requests OAuth scopes that allow it to upload/create Google Photos content, read app-created Google Photos data, and use sharing-related Google Photos permissions.

User impact: Installing and using the skill means granting it sensitive Google Photos account access, even though that access is broadly consistent with its purpose.
Recommendation: Review the OAuth consent screen carefully, use a dedicated Google Cloud OAuth client, keep the token file private, and remove the sharing scope if you do not need sharing features.