Gmail Daily Briefing

Security checks across malware telemetry and agentic risk

Overview

This Gmail assistant is purpose-aligned, but it needs review because it handles sensitive Google OAuth access, prints full email contents, stores persistent tokens, and can create calendar events without strong user confirmation.

Install only if you are comfortable granting ongoing Gmail read access and Calendar event creation to this skill. Use a low-risk Google account if possible, protect or delete token.json when not in use, revoke the OAuth grant when finished, and ask the agent to show proposed calendar events before creating them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Rogue AgentSelf-Modification, Session Persistence
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection

Findings (12)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 90% confidence
Finding: The skill declares sensitive operational requirements such as Python execution and a persistent token.json file, but does not declare explicit permissions for file access, file writes, or network use. That under-specification is dangerous because the skill handles OAuth credentials and mailbox/calendar data, so users and policy systems may not realize it can store tokens locally and communicate with Google APIs.

Tp4

High

Category: MCP Tool Poisoning
Confidence: 87% confidence
Finding: The description presents the skill mainly as a daily email summarizer with calendar automation, but the analyzed behavior also includes OAuth setup, token refresh/storage, and manual calendar event creation paths. This mismatch reduces informed consent and can cause users to authorize broader or more persistent capabilities than they expected, especially when sharing OAuth files and callback URLs with an agent.

Description-Behavior Mismatch

Medium

Confidence: 90% confidence
Finding: The implementation materially exceeds the stated safe behavior by collecting and printing full email bodies, while not implementing the advertised ranking, summarization, or calendar creation workflow. This creates unnecessary exposure of highly sensitive mailbox contents and can mislead users about what the skill actually does, increasing privacy and data-handling risk.

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The README advertises automatic Google Calendar event creation based on email content, but it does not clearly warn users that the skill will modify calendar data on their behalf. In an agent context, this can lead to unexpected side effects such as incorrect, spammy, or privacy-sensitive event creation from misclassified emails, making the behavior riskier than a read-only summarization skill.

Missing User Warnings

High

Confidence: 96% confidence
Finding: The README instructs users to send an OAuth client secret JSON and the full authorization callback URL to the agent without any security warning or handling guidance. Those artifacts can expose OAuth client details and, more importantly, the callback URL may contain an authorization code that allows the agent or any intermediary with access to exchange it for access/refresh tokens to the user's Gmail and Calendar.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The setup instructs users to send OAuth client secret files and the full localhost callback URL to the agent without a clear warning that these are sensitive authentication artifacts. In this context, that is risky because the skill handles Google account access; exposing these materials to an untrusted or over-privileged agent could enable unauthorized mailbox/calendar access or facilitate token abuse.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill advertises automatic Google Calendar event creation based on email content, but does not prominently warn users that it may take write actions on their calendar without per-event confirmation. In a Gmail-reading skill, this increases the chance of unwanted or spoofed calendar entries created from misleading email content, which can affect scheduling integrity and user trust.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The instructions direct the agent to access Gmail contents and create Calendar events on the user's behalf, but they do not require an explicit just-in-time warning or confirmation before these sensitive actions occur. Because the skill handles highly sensitive email data and can modify the user's calendar, missing a clear consent/notification step increases the risk of privacy violations and unintended actions.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script prints sender, date, subject, and full body content for all recent emails directly to stdout without any warning, masking, or confirmation step. In agent environments, console output is often captured in logs, transcripts, or observability tooling, so this behavior can leak sensitive personal, business, or credential-bearing information beyond the intended mailbox context.

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: ## Setup Before First Use > **The agent must run all commands below itself. Do NOT ask the user to run them.** Before running any script, ensure the Python environment is ready:
Confidence: 84% confidence
Finding: Do NOT ask the user

Autonomous Decision Making

Medium

Category: Excessive Agency
Content: ## Available Commands > **The agent must run all commands below itself. Do NOT ask the user to run them.** - `python scripts/fetch_emails.py` — Fetch emails from the last 24 hours and print full content - `python scripts/create_event.py --title "..." --date "YYYY-MM-DD" --time "HH:MM" [--duration 60]` — Create a Google Calendar event
Confidence: 90% confidence
Finding: Do NOT ask the user

Session Persistence

Medium

Category: Rogue Agent
Content: --- name: gmail-daily-briefing description: Fetch Gmail emails from the last 24h, rank by importance, summarize into bullet points, and auto-create Google Calendar events for detected meetings. metadata: openclaw: requires:
Confidence: 82% confidence
Finding: create Google Calendar events for detected meetings. metadata: openclaw: requires: bins: - python files: - token.json --- # Email & Calendar Assistant Skill ## Desc

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal