Security audit

Work Productivity Gog Google Workflow Helper

Security checks across malware telemetry and agentic risk

Overview

This looks like a Google Workspace/Gog workflow helper, but it can be invoked too easily around sensitive mail, calendar, and Drive tasks.

Install only if you intentionally want agent help with Gog/Google Workspace workflows. Before use, narrow or disable implicit activation where possible and require explicit confirmation before sending mail, changing calendar events, editing Drive/Sheets/Docs data, or using OAuth-authenticated accounts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Vague Triggers (Medium severity, 90% confidence)

The trigger phrases are broad, repetitive, and loosely scoped to common terms like 'google', 'workspace', and generic requests for a 'practical workflow', which can cause the skill to activate in contexts unrelated to its intended purpose. In an agent ecosystem, overly permissive activation increases the chance of incorrect tool routing, prompt-context pollution, and accidental invocation in sensitive workflows involving Gmail, Drive, or Calendar.

Vague Triggers (Medium severity, 92% confidence)

The trigger phrases are broad and include common productivity and Google Workspace terms, which can cause the skill to activate in contexts the user did not intend. In an agent ecosystem, unintended invocation can route user requests into the wrong workflow, increasing the chance of inappropriate actions, data exposure through over-collection of context, or confusing task execution.

Natural-Language Policy Violations (Medium severity, 68% confidence)

The core usage and trigger instructions are written in English inside a zh-CN README, which can cause users to misunderstand how and when the skill activates. In trigger-based agent routing, that confusion can contribute to accidental invocation or misuse, though the security impact is limited compared with direct execution or credential-handling flaws.

Vague Triggers (High severity, 95% confidence)

The skill description and usage scope are broad enough to match many ordinary requests involving work productivity, Google, Workspace, or CLI topics. In agent-routing systems, this can cause unintended activation, making the agent apply this skill in contexts where its assumptions or workflow do not fit, which degrades safety, reliability, and principle-of-least-surprise behavior.

Vague Triggers (High severity, 97% confidence)

The trigger keywords include highly generic terms such as 'google', 'workspace', 'cli', 'gmail', 'calendar', and 'drive', which are common across many benign user requests. This creates a high risk of accidental invocation or routing collisions, potentially overriding more appropriate skills and expanding the skill's operational reach beyond its intended domain.

Vague Triggers (Medium severity, 93% confidence)

The example trigger sentences demonstrate invocation patterns built around vague phrases like 'Help me' and 'I need a practical workflow', which teaches downstream users or systems to activate the skill from nonspecific requests. This increases ambiguous routing and can normalize overbroad skill selection, especially when the examples are copied directly into orchestration logic or prompt templates.

Vague Triggers (Medium severity, 88% confidence)

The trigger keywords are overly broad and include common terms like 'google', 'workspace', and 'cli', which can cause the skill to activate for many unrelated requests. In an agent environment, this increases the chance of incorrect routing or unintended invocation, leading to confusing behavior, accidental prompt/context capture, or inappropriate workflow execution.

Vague Triggers (Medium severity, 84% confidence)

The enablement condition in the description is vague: it says the skill should be used when users mention broad categories or need general workflow, checklist, or analysis support. This ambiguity makes it easy for the orchestration layer or users to select the skill outside its intended scope, increasing misfires and potentially causing the agent to apply irrelevant instructions to sensitive or unrelated tasks.

Vague Triggers (Medium severity, 90% confidence)

The default prompt uses very broad trigger terms such as work-productivity, gog, google, workspace, cli, workflow, artifact, checklist, analysis, and implementation support, which can cause the skill to activate in many ordinary conversations without clear boundaries. Combined with allow_implicit_invocation: true, this increases the chance of unintended routing, prompt interference, and the skill being invoked in contexts the user did not explicitly request.

Vague Triggers (High severity, 96% confidence)

The trigger sentences are broad, generic, and closely resemble ordinary user requests, which can cause the skill to be invoked in situations far outside its intended scope. In an agent ecosystem, unintended invocation can route unrelated prompts through this skill, leading to incorrect automation, scope confusion, or accidental execution of workflows involving Google Workspace or productivity tooling without clear user intent.

Vague Triggers (Medium severity, 92% confidence)

The keyword list includes very broad terms such as 'google', 'workspace', 'cli', and 'bug fix', which are common across many unrelated tasks and therefore make the trigger surface overly permissive. This increases the chance of false-positive activation, causing the wrong skill to handle user requests and potentially exposing users to unintended actions or misleading outputs in sensitive productivity contexts.
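The example below is added to this page and is not part of the SkillSpector report, the gog tool, or the skill being audited. It simulates the two points the overview and the Vague Triggers findings make: a keyword router built from the broad trigger terms the findings quote fires on unrelated requests, while a narrowed trigger (the hypothetical rule used here requires the word 'gog' together with a named Workspace product) does not; and a confirmation gate that refuses side-effecting mail, calendar, Drive, Sheets and Docs actions unless the user explicitly confirms, as the overview recommends. The trigger sets, action names, and sample requests are all assumptions constructed for this example, not values taken from the skill.

```python
"""Added example: keyword-trigger false positives and a confirmation gate.

Not code from the SkillSpector report or the audited skill. All keyword
sets, action names and sample requests are constructed assumptions.
"""
import re

# Broad trigger keywords as quoted across the findings (assumed list).
BROAD_TRIGGERS = {
    "google", "workspace", "cli", "gmail", "calendar", "drive",
    "workflow", "checklist", "analysis", "bug fix", "help me",
}

# Hypothetical narrowed trigger: 'gog' must appear together with a
# Workspace product name, in either order.
_PRODUCTS = r"(gmail|calendar|drive|sheets|docs)"
NARROW_PATTERN = re.compile(
    rf"\bgog\b.*\b{_PRODUCTS}\b|\b{_PRODUCTS}\b.*\bgog\b", re.IGNORECASE
)

# Constructed sample requests: (text, should the skill handle it?).
SAMPLE_REQUESTS = [
    ("Use gog to list my unread gmail messages from today", True),
    ("Move my 3pm calendar event to Thursday using gog", True),
    ("Help me write a cover letter for a nursing job", False),
    ("Is this the right bug fix for the CLI parser in our Rust project?", False),
    ("Can you google when the Iceland volcano last erupted?", False),
    ("Draft a practical workflow for onboarding new hires", False),
]


def broad_matches(text: str) -> set[str]:
    """Return every broad keyword that matches on a word boundary."""
    return {
        kw for kw in BROAD_TRIGGERS
        if re.search(rf"\b{re.escape(kw)}\b", text, re.IGNORECASE)
    }


def broad_fires(text: str) -> bool:
    return bool(broad_matches(text))


def narrow_fires(text: str) -> bool:
    return NARROW_PATTERN.search(text) is not None


def false_positives(fires) -> list[str]:
    """Requests the router sends to the skill although it should not."""
    return [t for t, intended in SAMPLE_REQUESTS if fires(t) and not intended]


def missed(fires) -> list[str]:
    """Requests the skill should handle but the router does not route to it."""
    return [t for t, intended in SAMPLE_REQUESTS if intended and not fires(t)]


# Hypothetical action names; anything writing mail, calendar, Drive,
# Sheets or Docs state needs an explicit confirmation before it runs.
SIDE_EFFECTING_PREFIXES = (
    "gmail.send", "calendar.create", "calendar.update", "calendar.delete",
    "drive.write", "sheets.write", "docs.write",
)


def gated_execute(action: str, args: dict, confirm, execute) -> dict:
    """Run a tool action through a confirmation gate.

    confirm(action, args) -> bool is the explicit user prompt.
    execute(action, args) performs the action. Read-only actions such as
    gmail.list pass straight through; side-effecting ones are blocked
    unless confirm() returns True.
    """
    if action.startswith(SIDE_EFFECTING_PREFIXES) and not confirm(action, args):
        return {"status": "blocked",
                "reason": f"{action} requires explicit user confirmation"}
    return {"status": "ok", "result": execute(action, args)}


if __name__ == "__main__":
    for name, fires in (("broad", broad_fires), ("narrow", narrow_fires)):
        print(f"{name}: {len(false_positives(fires))} false positives, "
              f"{len(missed(fires))} missed")
    deny = lambda a, args: False
    print(gated_execute("gmail.send", {"to": "someone@example.com"}, deny,
                        lambda a, args: "sent"))
```

With the constructed requests, the broad set routes four of the six to the skill although only two are genuine Workspace tasks; the narrowed rule routes exactly the two intended ones. The gate is deliberately keyed on the action name rather than on any reasoning by the agent, so a prompt-injected instruction cannot talk its way past it.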

VirusTotal

VirusTotal findings are pending for this skill version.