Google Drive

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Google Drive connector skill with powerful Drive read, write, sharing, and delete abilities, but its behavior matches that purpose and includes user-confirmation guidance for changes.

Install only if you are comfortable letting OOMOL-connected Google Drive actions read, create, edit, share, trash, and permanently delete Drive data when you ask for those operations. Review payloads carefully before write/share/delete actions, and be aware that one listing action requests write scope without an explanation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The documentation incorrectly labels a read-only `get_comment` operation as a write action, despite the action description and required `googledrive.read` scope indicating it only reads data. This can mislead an agent or operator into applying unnecessary confirmation logic or misunderstanding the action’s safety properties, which weakens trust in the skill documentation and can contribute to incorrect automation behavior.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The documentation incorrectly marks a read-only `get_reply` operation as a write action that changes Google Drive state. In agent workflows, action labels drive confirmation and execution policy; this mismatch can mislead planners, cause incorrect safety gating, and erode trust in whether an operation is actually read-only or state-changing.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill documents `list_approvals` as a read/list operation but declares the required scope as `googledrive.write`, which violates least-privilege expectations. This can cause an agent or user to grant broader permissions than necessary, increasing the blast radius if the skill is misused or compromised.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
Presenting a listing action as requiring write access is a dangerous mismatch because operators will reasonably assume the action is non-mutating while the granted token may permit broader state changes. In this skill context, which instructs users to use the skill for any Google Drive request, the overbroad scope is more dangerous because it may become a default path for many workflows and unnecessarily expose Drive contents to modification risk.

Vague Triggers

Medium
Confidence: 90%
Finding
The instruction to use this skill for ANY Google Drive request and instead of calling the API directly is overly broad and can cause the agent to route all Drive-related tasks through a high-privilege skill without evaluating least-privilege alternatives. In context, this skill exposes read, write, sharing, and destructive actions, so over-triggering increases the chance of unnecessary data access or accidental modification/deletion.

VirusTotal

64/64 vendors flagged this skill as clean.
