ClawHub

Gog 1

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed helper for using a Google Workspace CLI; it needs broad OAuth access, but the behavior shown is expected for that purpose.

Install only if you trust the Homebrew tap and the gog CLI. Review the Google OAuth consent scopes, use the least-privileged account practical, confirm email sends, calendar changes, and Sheets updates or clears before running them, and revoke the OAuth token when you no longer need access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Credential Access

High
Category
Privilege Escalation
Content
Use `gog` for Gmail/Calendar/Drive/Contacts/Sheets/Docs. Requires OAuth setup.

Setup (once)
- `gog auth credentials /path/to/client_secret.json`
- `gog auth add you@gmail.com --services gmail,calendar,drive,contacts,sheets,docs`
- `gog auth list`
Confidence
70% confidence
Finding
secret.json

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal