Back to skill
Skillv1.0.1
VirusTotal security
Google Workspace CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:38 AM
- Hash
- 7994bf84d21cc8c8fcb9bb602ddccf9adb2f40a0e8193239dec424291d50d55a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gworkspace-cli Version: 1.0.1 The skill is classified as suspicious primarily due to the `SKILL.md` documentation stating that 'embedded credentials used by default' for Google OAuth if environment variables are not provided. This suggests a potential vulnerability in the underlying `gw` CLI regarding credential management, as 'embedded' credentials could imply hardcoded or insecurely managed secrets. Additionally, there is a minor supply chain discrepancy where the `npm install` command specifies `@11x.agency/gworkspace` while the `source` URL points to `https://github.com/robinfaraj/gworkspace-cli`, raising questions about the exact origin and security posture of the installed binary.
- External report
- View on VirusTotal