Gmail No Send

v1.0.0

Read-only Gmail CLI that cannot send email by design. Search, read, create drafts, update drafts, and archive messages — with zero send capability in the cod...

by Mei Park (@meimakes)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (read/search/draft/update/archive with no send) aligns with the included code: there is no function calling the Gmail send endpoint. The tool requires user-supplied Google OAuth client credentials, which is appropriate for the stated functionality. The README and threat-model explicitly explain why the compose scope is used (Gmail has no drafts-only scope).
Instruction Scope
SKILL.md instructs only to install the package, obtain OAuth client_secret.json, run auth, and call the listed CLI commands. Runtime instructions and code only access the Gmail API, write tokens and audit logs to the tool's config dir, and do not read unrelated system files or exfiltrate data to unexpected endpoints.
Install Mechanism
No install spec is declared in the registry, but SKILL.md and pyproject.toml provide standard pip install routes (local editable install or git+https from the GitHub repo). Installing via pip from the repo is a common, low-to-moderate risk pattern; there is no opaque download URL or archive extract from an untrusted host.
Credentials
The skill requests no environment variables, but it requires user-provided Google OAuth credentials and stores an OAuth token with the 'compose' scope. That scope technically permits sending if the token is reused elsewhere. Although the code itself never calls send and the README warns about this limitation, the token's privileges are broader than 'drafts-only' — this is a proportionality concern the author documents but cannot fully mitigate at the API level.
Persistence & Privilege
The skill does not request always-on inclusion, nor does it modify other skills or global agent settings. It persists a token and an audit log in ~/.config/gmail-no-send (or GMAIL_NO_SEND_CONFIG), which is appropriate and scoped to the tool.
Assessment
This tool appears to do what it says: there is no send() call in the code. However, Gmail's API does not offer a 'drafts-only' OAuth scope, so you must grant a token that includes 'compose' (which could be used to send mail if the token is stolen or reused). Before installing:
1) only authenticate with a dedicated account or test account if you need strict guarantees;
2) store client_secret.json and token.json with restrictive permissions (chmod 600) and consider encrypting them;
3) pin the package version or verify repository checksums and audit source updates (the threat model warns about code modification risk);
4) monitor and periodically review ~/.config/gmail-no-send/audit.log;
5) consider using a network proxy or restricted environment if you need stronger enforcement that prevents sends at the network layer.
If you understand those trade-offs, the skill is internally consistent and usable.

Like a lobster shell, security has layers — review code before you run it.

latestvk979qbwr61e7wmmvkvtbm0cpxh83g605
