Skill v0.1.0
ClawScan security
Gmail Integration · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 20, 2026, 9:01 AM
- Verdict: suspicious
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's stated capabilities (full OAuth2 support) and required inputs look plausible for a Gmail integration, but the code and instructions do not implement an OAuth2 flow and contain incorrect API usage, so the pieces are incoherent and the skill will not behave as promised without modification.
- Guidance: This skill claims 'full OAuth2 support' but the code does not perform the OAuth token exchange or include Authorization headers, and it uses an incorrect API path — in short, it won't work as advertised. Before installing: (1) review or request fixes to the code so it implements the OAuth2 flow (authorization code or device flow), exchanges client_id/secret for tokens, and sends 'Authorization: Bearer <access_token>' with requests; (2) test with a throwaway Google account / limited-scope credentials, not your primary account; (3) avoid pasting a production client_secret into untrusted skills — if you must provide secrets, ensure you understand where tokens are stored and whether the skill transmits them elsewhere; (4) ask the author to correct endpoint URLs and document token storage/refresh behavior. Because the pieces don't line up, treat this skill as non-functional and review or fix the implementation before giving it real credentials.
Review Dimensions
- Purpose & Capability (concern): The name/description and required env vars (GMAIL_CLIENT_ID, GMAIL_CLIENT_SECRET) match a Gmail integration. However, the code never implements an OAuth2 token exchange or attaches Authorization headers to Gmail API calls. The code also uses an incorrect endpoint string (e.g., '.../messages.send' instead of the expected '/messages/send' path), so it cannot actually call Gmail on behalf of a user. Claiming 'Full OAuth2 support' in SKILL.md is inconsistent with the code.
- Instruction Scope (concern): SKILL.md instructs you to create OAuth credentials and set env vars, but does not explain how the skill obtains or stores access/refresh tokens, nor how to complete the OAuth consent/redirect flow. The runtime instructions and code do not direct the agent to perform an OAuth handshake or to prompt the user for an authorization code, so runtime behavior will either fail or require ad-hoc manual steps. The instructions are therefore incomplete and grant the agent ambiguous discretion to attempt network calls without proper auth.
- Install Mechanism (ok): No install spec or external downloads are included; the skill is instruction-only with a single Python file. That minimizes install-time risk (nothing is fetched or extracted).
- Credentials (note): Requesting GMAIL_CLIENT_ID and GMAIL_CLIENT_SECRET is reasonable for an app that performs OAuth. However, those two values alone are insufficient for API access — the code should obtain and use access tokens. There are no other environment variables or unrelated credentials requested, so the scope of requested secrets is narrow but currently misapplied.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request system-wide configuration or modify other skills. It does read environment variables at module import, which is normal for credentials.
