Manage Google Keep notes

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims for Google Keep, but it relies on a risky manual Google token extraction flow and can modify or trash notes.

Install only if you are comfortable giving this skill access to your Google Keep notes and manually handling Google authentication tokens. Treat ~/.config/gkeep/token.json and any printed token output like passwords, avoid sharing logs or screenshots from setup, remove or revoke the token if exposed, and confirm note IDs before delete, archive, add, or pin actions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Context-Inappropriate Capability
Severity: Medium
Confidence: 98%
Finding: The script explicitly instructs the user to retrieve an OAuth token from Google account session data via browser developer tools and then feeds it into a token exchange flow. This bypasses normal OAuth consent handling, encourages unsafe handling of highly sensitive session credentials, and can lead to account compromise or policy-violating authentication abuse if the token is exposed or reused improperly.

Missing User Warnings
Severity: Medium
Confidence: 96%
Finding: The README instructs users to obtain an OAuth token by extracting it from browser developer tools and then storing it manually in a local file, but it does not clearly warn that this credential grants account access and must be protected like a password. This creates a realistic risk of token theft or accidental disclosure through shell history, screenshots, copied files, or insecure file permissions, especially because the process is explicitly nonstandard and bypasses safer OAuth handling patterns.

Missing User Warnings
Severity: Medium
Confidence: 77%
Finding: The skill advertises archive, delete, pin, and other state-changing operations without any warning, confirmation guidance, or caution about modifying user data. In an agent-driven context, this increases the chance of accidental destructive actions against notes, especially when commands are composed from natural-language requests.
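One way to close the gap this finding describes is a policy layer between the agent and the note store that runs read-only operations freely but refuses any state change unless the caller echoes the exact note ID (the confirmation step the overview asks for). The example below is added here; it is not the skill's code and does not call gkeepapi. The operation names, the in-memory note store, and the Request shape are constructed for the demonstration. It also handles the natural-language failure mode the finding mentions: a title that matches more than one note is reported as ambiguous rather than acted on.

```python
from dataclasses import dataclass
from typing import Optional

READ_ONLY = {"list", "get", "search"}
MUTATING = {"add", "pin", "unpin", "archive", "unarchive"}
DESTRUCTIVE = {"delete"}  # goes to trash, but it is the operation users regret most


@dataclass
class Request:
    op: str
    note_id: Optional[str] = None  # exact ID from an earlier list/search
    title: Optional[str] = None    # what a natural-language request usually carries
    confirm: Optional[str] = None  # must echo the exact note_id (or the title, for add)


class KeepGate:
    """Policy layer between the agent and the notes; the store is a constructed dict."""

    def __init__(self, notes):
        self.notes = {nid: dict(n) for nid, n in notes.items()}
        self.trash = {}
        self._next = len(notes) + 1

    def resolve(self, title):
        """Title -> candidate IDs. Titles are not unique, so this can return several."""
        return sorted(nid for nid, n in self.notes.items()
                      if n["title"].casefold() == title.casefold())

    def apply(self, req):
        if req.op in READ_ONLY:
            return {"status": "ok", "notes": sorted(self.notes)}
        if req.op not in MUTATING | DESTRUCTIVE:
            return {"status": "refused", "reason": f"unknown op {req.op!r}"}
        if req.op == "add":
            if not req.title or req.confirm != req.title:
                return {"status": "refused", "reason": "add requires confirm == title"}
            nid, self._next = f"n{self._next}", self._next + 1
            self.notes[nid] = {"title": req.title, "pinned": False, "archived": False}
            return {"status": "ok", "note_id": nid}
        # Every other state change targets exactly one existing note by ID.
        nid = req.note_id
        if nid is None and req.title:
            cands = self.resolve(req.title)
            if len(cands) > 1:
                return {"status": "ambiguous", "candidates": cands}
            nid = cands[0] if cands else None
        if nid not in self.notes:
            return {"status": "refused", "reason": f"no note with id {nid!r}"}
        if req.confirm != nid:
            # Tell the caller which ID to confirm; the agent must surface this, not auto-fill it.
            return {"status": "refused", "reason": f"{req.op} on {nid} needs confirm={nid!r}"}
        if req.op == "delete":
            self.trash[nid] = self.notes.pop(nid)
        elif req.op in ("pin", "unpin"):
            self.notes[nid]["pinned"] = req.op == "pin"
        else:
            self.notes[nid]["archived"] = req.op == "archive"
        return {"status": "ok", "note_id": nid}


def demo():
    """Constructed scenario: two notes share a title, one is a password note."""
    gate = KeepGate({
        "n1": {"title": "Groceries", "pinned": False, "archived": False},
        "n2": {"title": "groceries", "pinned": False, "archived": False},
        "n3": {"title": "Passwords", "pinned": True, "archived": False},
    })
    results = [
        gate.apply(Request("delete", title="groceries")),            # ambiguous
        gate.apply(Request("delete", note_id="n3")),                 # refused: not confirmed
        gate.apply(Request("delete", note_id="n3", confirm="n1")),   # refused: mismatch
        gate.apply(Request("delete", note_id="n3", confirm="n3")),   # ok
        gate.apply(Request("archive", title="Passwords")),           # refused: already gone
    ]
    return gate, results


if __name__ == "__main__":
    for r in demo()[1]:
        print(r)
```

The important design choice is that the confirmation value is the note ID itself, not a yes/no flag: an agent composing commands from free text cannot satisfy it without first listing notes and showing the user which ID it is about to touch.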

Missing User Warnings
Severity: Medium
Confidence: 88%
Finding: The setup instructions direct the user to generate and paste a token into a local file but provide no warning that this file contains sensitive credentials. This can lead to insecure storage, accidental disclosure, inclusion in backups or version control, and misuse of a token that grants access to private notes.

Missing User Warnings
Severity: Medium
Confidence: 93%
Finding: The script collects sensitive authentication material and then prints the full response and resulting token directly to stdout, with no masking, storage guidance, or warning about exposure through shell history, terminal logs, screenshots, or shared environments. In the context of a note-management skill, this is unnecessarily dangerous because compromise of the token can grant access to the user's Google Keep data and possibly broader account-linked functionality depending on token scope.

Missing User Warnings
Severity: Medium
Confidence: 78%
Finding: The login flow prompts for a Google password or app password and stores a long-lived authentication token in a local JSON file. Although the file permissions are restricted to 0600, the tool gives no explicit warning to users about the sensitivity of the password/token or the risks of storing reusable credentials on disk, which can lead to accidental exposure through backups, dotfile sync, or local compromise.
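The four token-handling findings above (unmasked printing, no storage guidance, a credential file that can end up in backups or version control, and a 0600 file with no further checks) share one remedy: create the file with restrictive permissions from the start, refuse to read it if its permissions, ownership or location have drifted, and never print the raw value. The example below is added here and is not the skill's code. It assumes a POSIX filesystem and the ~/.config/gkeep/token.json path named in the overview; the {"token": "..."} file layout is an assumption, not taken from the skill.

```python
import json
import os
import stat
import tempfile
from pathlib import Path

# Assumed location (from the overview above); the {"token": ...} layout is an assumption.
TOKEN_PATH = Path("~/.config/gkeep/token.json").expanduser()


def redact(secret: str, keep: int = 4) -> str:
    """Mask all but the last `keep` characters so a log line or screenshot cannot leak the token."""
    if len(secret) <= keep:
        return "*" * len(secret)
    return "*" * (len(secret) - keep) + secret[-keep:]


def write_token(path: Path, token: str) -> None:
    """Create the file with mode 0600 from the first byte: O_EXCL on a temp name (so an
    attacker-planted symlink is never followed), then an atomic rename into place."""
    path.parent.mkdir(parents=True, exist_ok=True)
    tmp = path.with_name(path.name + ".tmp")
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    try:
        with os.fdopen(fd, "w") as fh:
            json.dump({"token": token}, fh)
        os.replace(tmp, path)
    except BaseException:
        tmp.unlink(missing_ok=True)
        raise


def check_token_file(path: Path) -> list:
    """Reasons the token file is unsafe to trust; an empty list means it passed."""
    problems = []
    st = path.lstat()
    if stat.S_ISLNK(st.st_mode):
        problems.append("token path is a symlink")
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        problems.append(f"mode {oct(mode)} lets group/others read the token")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        problems.append("token file is owned by another user")
    # A token inside a checkout is one `git add .` away from being committed and pushed.
    for ancestor in [path.parent, *path.parent.parents]:
        if (ancestor / ".git").exists():
            problems.append(f"token lives inside a git repository rooted at {ancestor}")
            break
    return problems


def load_token(path: Path) -> str:
    """Refuse to use a token whose storage has already failed the checks above."""
    problems = check_token_file(path)
    if problems:
        raise PermissionError("; ".join(problems))
    with path.open() as fh:
        return json.load(fh)["token"]


def demo() -> dict:
    """Constructed run in a scratch directory: a correctly written file passes,
    the same file chmod'ed to 0644 fails, and the token is only ever shown redacted."""
    with tempfile.TemporaryDirectory() as scratch:
        p = Path(scratch) / "token.json"
        write_token(p, "constructed-example-token")
        result = {"clean": check_token_file(p), "shown": redact(load_token(p))}
        os.chmod(p, 0o644)
        result["loose"] = check_token_file(p)
        return result


if __name__ == "__main__":
    print(demo())
    if TOKEN_PATH.exists():
        print("live token file:", check_token_file(TOKEN_PATH) or "ok")
```

Running the script against a real ~/.config/gkeep/token.json reports nothing sensitive; it only lists which checks failed, which is the output a setup script should give instead of echoing the token.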

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
gkeepapi>=0.14.0
google
google-auth-oauthlib
google-api-python-client
Confidence: 94%
Finding: google is listed with no version specifier, so each install resolves to whatever release the package index serves at that moment.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
gkeepapi>=0.14.0
google
google-auth-oauthlib
google-api-python-client
Confidence: 96%
Finding: google-auth-oauthlib is listed with no version specifier, so each install resolves to whatever release the package index serves at that moment.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
gkeepapi>=0.14.0
google
google-auth-oauthlib
google-api-python-client
Confidence: 96%
Finding: google-api-python-client is listed with no version specifier, so each install resolves to whatever release the package index serves at that moment.

Unpinned Dependencies
Severity: Low
Category: Supply Chain
Content:
gkeepapi>=0.14.0
google
google-auth-oauthlib
google-api-python-client
Confidence: 93%
Finding: gkeepapi>=0.14.0 sets only a lower bound; any newer release, including one published after this review, is accepted without a version pin or hash.
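The four findings above boil down to one mechanical check: which lines of the requirements file pin an exact version (ideally with `--hash=` so a substituted artifact is rejected), which merely bound a range, and which name a package with no constraint at all. The checker below is an added example, not part of the scanner or the skill; the REQUIREMENTS string is a constructed copy of the four lines shown in the findings, and the classification logic handles the general requirements-file syntax (comments, environment markers, option lines, backslash continuations, `--hash=` options) rather than only these four lines.

```python
import re

# Constructed copy of the four requirement lines listed in the findings above.
REQUIREMENTS = """\
gkeepapi>=0.14.0
google
google-auth-oauthlib
google-api-python-client
"""

_SPEC = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)(\[[^\]]*\])?\s*(.*?)\s*$")
_EXACT = re.compile(r"^===?\s*[A-Za-z0-9!+.\-]+$")  # ==1.2.3 / ===1.2.3; no '*' wildcard, no ',' range


def classify(line):
    """Return (name, status) for one logical requirement line, or None for blanks, comments
    and option lines (-r, --index-url ...). status: pinned+hash | pinned | bounded | unpinned."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()  # drop comments and env markers
    if not line or line.startswith("-"):
        return None
    spec, *hashes = line.split(" --hash=")
    m = _SPEC.match(spec.strip())
    if not m:
        return None
    name, constraint = m.group(1), m.group(3)
    if _EXACT.match(constraint):
        status = "pinned+hash" if hashes else "pinned"
    elif constraint:
        status = "bounded"    # only a floor/ceiling/wildcard: new releases still slide in
    else:
        status = "unpinned"   # whatever the index serves today gets installed
    return name, status


def audit(text):
    """Map package name -> status, honouring backslash line continuations."""
    logical, carry = [], ""
    for raw in text.splitlines():
        if raw.rstrip().endswith("\\"):
            carry += raw.rstrip()[:-1] + " "
            continue
        logical.append(carry + raw)
        carry = ""
    out = {}
    for line in logical:
        res = classify(line)
        if res:
            out[res[0]] = res[1]
    return out


def weak(text):
    """Names a reviewer should ask to be pinned with --hash (anything short of pinned+hash)."""
    return sorted(n for n, s in audit(text).items() if s != "pinned+hash")


if __name__ == "__main__":
    for name, status in audit(REQUIREMENTS).items():
        print(f"{name:28s} {status}")
```

Against the page's four lines this reports gkeepapi as bounded and the other three as unpinned, which is exactly the split the four Low findings make; a pin-plus-hash lockfile generated by a tool such as pip-compile would make all four disappear.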

VirusTotal

36/36 vendors flagged this skill as clean.
