Gmail To Outlook

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Gmail-to-Microsoft 365 migration playbook with an optional DNS audit script, but it should be used only by authorized IT staff because it involves privileged admin and DNS changes.

Install/use only if you are authorized to administer both Google Workspace and Microsoft 365 for the tenant. Treat any Google service account key, app password, and temporary Microsoft 365 credential as sensitive: use official admin portals, do not paste secrets into chats or tickets, restrict access, and revoke or rotate migration credentials after use. Plan MX/DNS changes in a maintenance window, preserve existing DNS records for rollback, pilot first, and verify mail flow and migrated data before decommissioning Gmail.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs operators to create and upload a Google Workspace service account key with domain-wide delegation, which is a highly sensitive credential that can enable broad access across the tenant if mishandled. Without explicit guidance on secure storage, restricted permissions, rotation, and deletion after use, the skill increases the risk of credential leakage and unauthorized mailbox access during migration.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill provides actionable DNS/MX cutover instructions that can immediately affect production mail routing, but it does not warn about outage risk, mail delivery disruption, rollback planning, or the need to validate records before and after the change. In a migration context, incomplete guidance can lead to misrouted or lost email, authentication failures, and business interruption if an operator follows the steps without adequate safeguards.

Missing User Warnings

Low
Confidence: 87%
Finding
The migration announcement encourages users to begin using the new Microsoft 365 mailbox but does not explicitly instruct them to verify that all expected mail, contacts, and calendar data has migrated before relying on it. In a migration context, this can lead to unnoticed data gaps, missed communications, or premature decommissioning of the source system, especially during cutover windows.

Missing User Warnings

Low
Confidence: 83%
Finding
The setup guide instructs users to enter credentials 'provided by IT' without any security guidance on safe password handling, first-login password changes, or how to verify legitimate IT communications. In a migration scenario, users are primed to expect credential-related messages, which increases susceptibility to phishing or insecure sharing of temporary passwords.

Missing User Warnings

Medium
Confidence: 91%
Finding
The file instructs users to 'Remove ALL existing MX records' and perform MX cutover without an explicit warning that this can immediately disrupt inbound mail delivery if Microsoft 365 is not fully validated first. In a migration skill, operators may copy-paste these steps directly, so omission of rollback guidance, prerequisites, and downtime risk makes accidental mail loss or service interruption more likely.

VirusTotal

65/65 vendors flagged this skill as clean.
