Back to plugin

Security audit

Gmail

Security checks across malware telemetry and agentic risk

Overview

This appears to be a Gmail/IMAP email plugin that asks for the kind of mail access and local file writing its description requires.

This plugin is coherent with its stated Gmail/IMAP purpose, but it is inherently powerful: if installed and enabled, your agent can read your mailbox, download attachments to disk, and potentially send or reply to emails if those tools are allowed. Only enable the specific tools you need, keep the default send confirmation enabled, and treat the Gmail app password like a real password.

VirusTotal

62/62 vendors flagged this plugin as clean.

View on VirusTotal

Static analysis

Detected: suspicious.destructive_delete_command

Documentation contains a destructive delete command without an explicit confirmation gate.

Warn
Code
suspicious.destructive_delete_command
Location
README.md:303
Evidence
rm -rf ~/.openclaw/extensions/gmail