Google Services Secure

This skill is coherent in purpose (Google OAuth integration) but contains important contradictions and persistence behavior you should not ignore: - The documentation repeatedly claims OAuth tokens are stored only in memory, but scripts (scripts/auth-google.sh) write the token response to $HOME/.google-oauth-token and set file permissions. That means tokens can persist on disk and be read by processes/users with access to that path. Treat this as a real exposure risk until the behavior is fixed. - The registry metadata omits GOOGLE_REDIRECT_URI even though SKILL.md and the scripts depend on it. Ask the author to update required envs and documentation to match the actual runtime requirements. - If you consider using this skill: inspect and (if needed) modify auth-google.sh to avoid writing tokens to disk (or change TOKEN_FILE to a secure ephemeral store you control), ensure audit logs are stored in a location you trust, and verify permissions. Alternatively run the skill in an isolated sandboxed account or VM and rotate/revoke tokens after testing. - Ask the maintainer for clarification and a corrected release that either: (a) truly keeps tokens RAM-only, or (b) documents and allows a configurable secure token storage path (with clear warnings). - Until resolved, avoid placing high-privilege Google credentials in shared systems; consider creating a minimally scoped test account for evaluation and revoke credentials after use.