v1.0.1

Gmail Inbox Zero Traige

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 5:30 AM.

Analysis

This Gmail triage skill is purpose-aligned, but it needs careful review because it requires Gmail read/modify access, can batch archive or auto-filter messages, and references helper scripts that are not included in the submitted package.

Guidance: Review this carefully before installing. It is designed for a legitimate inbox-zero workflow, but it needs Gmail OAuth read/modify access and can make many email changes at once. Confirm the missing helper scripts are supplied and reviewed, verify the gog account and scopes, avoid blindly trusting summaries, and only press Done after checking the queued archive/filter actions.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Fetch ALL inbox messages... User clicks "Done" button to execute all queued actions in batch... Create filter to auto-archive future emails from sender

The skill documents broad batch actions over the inbox and persistent Gmail filter creation; this is aligned with inbox triage but can materially alter current and future email handling.

User impact: A mistaken batch decision could move many emails out of the inbox, and an overly broad filter could hide future messages from a sender.
Recommendation: Avoid using filters unless you understand the sender scope, and verify important messages manually before executing the batch.

Agentic Supply Chain Vulnerabilities
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
Queue is managed via `scripts/queue_manager.py`... `python3 scripts/gog_processor.py archive <account> <msg_id>`... `python3 scripts/execute_queue.py <account>`

The submitted file manifest contains only documentation files and no scripts, but the skill's Gmail operations depend on referenced helper scripts that are not present for review.

User impact: The package may not work as described, or a user/agent may end up relying on unreviewed local scripts to perform Gmail mutations.
Recommendation: Require the package to include the referenced scripts, lock down their provenance, and review them before allowing Gmail account changes.

Human-Agent Trust Exploitation
Severity: Medium | Confidence: High | Status: Concern
SETUP.md
**Archive aggressively**... **Trust AI summaries** - They're accurate enough for quick decisions

The guidance encourages strong reliance on AI summaries and aggressive email actions, which can be risky for important or mis-summarized messages.

User impact: A user may archive or filter important emails based on a short AI-generated summary that could be incomplete or wrong.
Recommendation: Treat summaries as hints, not proof; open important, financial, legal, security, or account-related emails before archiving or filtering.
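The two findings above (broad batch archive/filter actions, and archiving on the strength of a short summary) come down to what is allowed to run when Done is pressed. The following is an added example of such a gate, written for this review; it is not the skill's `scripts/queue_manager.py` or `scripts/execute_queue.py`, whose queue format the page does not show. It assumes a queue that is a list of JSON objects with an `action` of `archive` (with `msg_id`, `from`, `subject`, `summary`) or `filter` (with a `criteria.from` value); the keyword list and the sample queue are constructed.

```python
"""Pre-execution gate for a triage action queue.

Added example for this review; not the skill's own queue scripts.
The queue format is assumed: a list of dicts with an "action" of
"archive" (msg_id, from, subject, summary) or "filter" (criteria: {from}).
"""
import re

# Topics a short AI summary should never be trusted to dismiss (assumed list).
SENSITIVE = re.compile(
    r"\b(invoice|payment|receipt|refund|password|passcode|verification code|"
    r"security alert|sign-in|login|2fa|legal|contract|tax|bank|"
    r"account (?:suspended|locked|closed))\b",
    re.IGNORECASE,
)

# Constructed sample queue: what the agent proposes to do when Done is pressed.
SAMPLE_QUEUE = [
    {"action": "archive", "msg_id": "m1", "from": "news@weekly.example",
     "subject": "This week's digest", "summary": "Newsletter with product updates."},
    {"action": "archive", "msg_id": "m2", "from": "billing@cloud.example",
     "subject": "Your invoice #4471 is due", "summary": "Billing notice."},
    {"action": "archive", "msg_id": "m3", "from": "alerts@mail.example",
     "subject": "Weekly stats", "summary": "Summary says: security alert on your account."},
    {"action": "filter", "criteria": {"from": "promo@shop.example"}},
    {"action": "filter", "criteria": {"from": "shop.example"}},
    {"action": "filter", "criteria": {"from": "*@*.example"}},
]


def filter_breadth(criteria: dict) -> str:
    """Classify a filter's sender criterion as address, domain, or broad."""
    sender = str(criteria.get("from", "")).strip()
    if not sender or "*" in sender:
        return "broad"
    return "address" if "@" in sender else "domain"


def review_action(action: dict) -> list:
    """Return the reasons a human must open this action before it runs ([] if none)."""
    kind = action.get("action")
    if kind == "filter":
        breadth = filter_breadth(action.get("criteria", {}))
        return [] if breadth == "address" else [f"filter matches a whole {breadth}, not one sender"]
    if kind == "archive":
        # Look at sender, subject and the AI summary together; the summary alone is not proof.
        text = " ".join(str(action.get(k, "")) for k in ("from", "subject", "summary"))
        m = SENSITIVE.search(text)
        return [f"mentions {m.group(0)!r}; open the message before archiving"] if m else []
    return [f"unknown action {kind!r}"]


def gate_queue(queue: list, max_batch: int = 50) -> dict:
    """Split the queue into actions safe to batch and actions held for review."""
    approved, held = [], []
    for index, action in enumerate(queue):
        reasons = review_action(action)
        (held if reasons else approved).append({"index": index, "action": action, "reasons": reasons})
    return {
        "approved": approved,
        "held": held,
        # Even an all-clean batch above this size deserves an explicit second look.
        "batch_ok": len(approved) <= max_batch,
    }


if __name__ == "__main__":
    result = gate_queue(SAMPLE_QUEUE)
    print(f"{len(result['approved'])} approved, {len(result['held'])} held")
    for item in result["held"]:
        print(f"  #{item['index']}: {'; '.join(item['reasons'])}")
```

Only the `approved` list should reach the batch executor; everything in `held` goes back to the user with its reason, and a `batch_ok` of False means the batch itself needs confirmation regardless of its contents.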
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
**Requires:** `gog` CLI with authenticated Gmail account... `export GOG_KEYRING_PASSWORD="your-password"` ... **Read/modify permissions**

The skill requires an authenticated Gmail account and a local keyring password to read and modify email, yet the registry metadata declares no primary credential and no required environment variables, so the registry listing understates the access the skill actually needs.

User impact: Installing and using this skill can give the agent workflow access to read Gmail inbox contents and change the account by archiving messages or creating filters.
Recommendation: Use only with a Gmail account you are comfortable granting read/modify access to, confirm the gog OAuth scopes, and review every queued action before pressing Done.
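Confirming the gog OAuth scopes is the concrete part of that recommendation. The script below is an added example written for this review, not part of the skill or of ClawScan: it audits a token-introspection response against the three capabilities inbox triage needs (read, archive, create filters) and reports scopes that are missing, scopes unrelated to triage, and the over-broad full-mailbox scope. The scope URIs are Google's published Gmail API scopes; the input shape (a JSON document with a space-separated `scope` field) follows Google's tokeninfo endpoint; the sample responses are constructed. How `gog` stores its token is not described on the page, so obtaining the response is left to the reader.

```python
"""Least-privilege audit of the OAuth scopes behind a Gmail token.

Added example for this review; not part of the skill or of ClawScan.
The scope URIs are Google's published Gmail API scopes. The input is the
JSON text of a token-introspection response with a space-separated
"scope" field (the shape of Google's tokeninfo endpoint); the samples
below are constructed, not captured from a real account.
"""
import json

FULL = "https://mail.google.com/"                                  # everything, incl. permanent delete
MODIFY = "https://www.googleapis.com/auth/gmail.modify"            # read + label changes (archive)
READONLY = "https://www.googleapis.com/auth/gmail.readonly"        # read only
SETTINGS = "https://www.googleapis.com/auth/gmail.settings.basic"  # filters are managed under this

# Scopes that satisfy each capability the triage workflow uses, narrowest first.
CAPABILITIES = {
    "read": (READONLY, MODIFY, FULL),
    "archive": (MODIFY, FULL),
    "filter": (SETTINGS, FULL),
}
TRIAGE_NEEDS = ("read", "archive", "filter")

# Constructed sample responses.
SAMPLE_LEAST_PRIVILEGE = json.dumps(
    {"aud": "client-id.example", "scope": f"{MODIFY} {SETTINGS}", "expires_in": "3599"})
SAMPLE_OVERBROAD = json.dumps(
    {"aud": "client-id.example",
     "scope": f"{FULL} https://www.googleapis.com/auth/contacts", "expires_in": "3599"})
SAMPLE_READONLY = json.dumps(
    {"aud": "client-id.example", "scope": READONLY, "expires_in": "3599"})


def parse_scopes(tokeninfo: str) -> set:
    """Return the granted scopes from a tokeninfo-style JSON document."""
    return set(json.loads(tokeninfo).get("scope", "").split())


def audit_scopes(tokeninfo: str, needed=TRIAGE_NEEDS) -> dict:
    """Compare granted scopes with the narrowest set that covers `needed`."""
    unknown = [c for c in needed if c not in CAPABILITIES]
    if unknown:
        raise ValueError(f"unknown capability: {unknown}")
    granted = parse_scopes(tokeninfo)
    # A capability is covered if any of its acceptable scopes was granted.
    missing = [c for c in needed if not granted.intersection(CAPABILITIES[c])]
    # Anything outside the union of acceptable scopes has nothing to do with triage.
    acceptable = {s for c in needed for s in CAPABILITIES[c]}
    excess = sorted(granted - acceptable)
    # FULL covers every need, but a narrower scope exists for each one,
    # so for this workflow it is always more than required.
    overbroad = FULL in granted
    return {
        "granted": sorted(granted),
        "missing": missing,
        "excess": excess,
        "overbroad": overbroad,
        "ok": not missing and not excess and not overbroad,
    }


if __name__ == "__main__":
    for name, sample in [("least-privilege", SAMPLE_LEAST_PRIVILEGE),
                         ("over-broad", SAMPLE_OVERBROAD),
                         ("read-only", SAMPLE_READONLY)]:
        print(name, audit_scopes(sample))
```

Run it against the real response and expect `ok: True` with only `gmail.modify` and `gmail.settings.basic` granted. If `https://mail.google.com/` appears, the token can do more than triage needs, including permanent deletion, and the consent should be redone with the narrower scopes.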
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Note
SKILL.md
Display all emails at once with... AI-generated summary... Telegram inline buttons... View - Show full email content

The skill intentionally moves private email metadata, summaries, and optionally full email bodies into the agent/Telegram interaction flow.

User impact: Sensitive email content may be exposed to the configured bot channel and AI summarization context.
Recommendation: Use only in a trusted Telegram/agent environment and avoid using it for accounts containing highly sensitive email unless you accept that exposure.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
SKILL.md
Fetch inbox messages and save to `current_batch.json`... Queue stored locally - Action queue is temporary, cleared after execution

The workflow stores current batch and action queue state locally; the queue is described as temporary, but retention details for the current batch are not clearly bounded.

User impact: Local files may temporarily contain message IDs, senders, or action choices related to private email.
Recommendation: Clear local batch and queue files after use and ensure they are stored in a private, non-synced location.
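One way to implement that retention advice, as an added example written for this review and not part of the skill: the helper below creates `current_batch.json` with mode 0600 inside a 0700 directory, refuses to reuse a stale file left behind by a crashed run, deletes the file when the batch finishes, and flags scratch files that sit under a cloud-synced folder. The sync-folder name list is a heuristic assumption, and the sample batch is constructed.

```python
"""Keep triage scratch files private and short-lived.

Added example for this review; not part of the skill. The list of
sync-folder names is a heuristic assumption.
"""
import json
import os
import stat
import tempfile
from contextlib import contextmanager

# Folder names commonly managed by cloud-sync clients (heuristic, assumed).
SYNCED_DIR_NAMES = {"dropbox", "onedrive", "google drive", "icloud drive", "box", "nextcloud"}


def synced_location(path: str) -> bool:
    """True if any component of `path` looks like a cloud-synced folder."""
    parts = os.path.normpath(os.path.abspath(path)).split(os.sep)
    return any(p.lower() in SYNCED_DIR_NAMES for p in parts)


def permission_issues(path: str) -> list:
    """Return problems with a scratch file's mode, its directory's mode, and its location."""
    issues = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"{path} is accessible by group/other (mode {mode:o})")
    dmode = stat.S_IMODE(os.stat(os.path.dirname(path)).st_mode)
    if dmode & (stat.S_IRWXG | stat.S_IRWXO):
        issues.append(f"directory of {path} is accessible by group/other (mode {dmode:o})")
    if synced_location(path):
        issues.append(f"{path} sits inside a cloud-synced folder")
    return issues


@contextmanager
def private_batch_file(base_dir: str, name: str = "current_batch.json"):
    """Yield the path of a fresh 0600 file that is unlinked when the block exits."""
    os.makedirs(base_dir, mode=0o700, exist_ok=True)
    os.chmod(base_dir, 0o700)  # makedirs honours umask; force the intended mode
    path = os.path.join(base_dir, name)
    # O_EXCL: a leftover file from a crashed run is a finding, not something to overwrite silently.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    os.close(fd)
    try:
        yield path
    finally:
        # The batch is temporary; do not let message metadata linger on disk.
        if os.path.exists(path):
            os.unlink(path)


def run_batch(messages: list, base_dir=None) -> dict:
    """Write a batch, record its state while it exists, and confirm it is gone afterwards."""
    base_dir = base_dir or os.path.join(tempfile.mkdtemp(), "triage-state")
    with private_batch_file(base_dir) as path:
        with open(path, "w") as fh:
            json.dump(messages, fh)
        mode_during = stat.S_IMODE(os.stat(path).st_mode)
        issues = permission_issues(path)
    return {"path": path, "mode_during": mode_during, "issues": issues,
            "exists_after": os.path.exists(path)}


if __name__ == "__main__":
    # Constructed sample batch: message ids and senders only.
    print(run_batch([{"id": "m1", "from": "news@weekly.example"}]))
```

The same wrapper fits the action queue: anything the skill persists between "display" and "Done" should be created this way, and a `FileExistsError` on entry means an earlier run did not clean up and its leftover contents should be inspected, not reused.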