Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Clawback
v0.2.0
Gmail security proxy with policy enforcement, approval workflows, and audit logging. Use when the user wants to read, search, or send Gmail with guardrails —...
⭐ 0 · 393 · 0 current · 0 all-time
by Rotem Tamir (@rotemtam)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign (high confidence)
Purpose & Capability
Name/description (Gmail security proxy with approvals/audit) match the declared requirement of a 'clawback' binary and the SKILL.md commands that use that binary. There are no unrelated env vars, binaries, or install steps requested.
Instruction Scope
SKILL.md instructs the agent to run the 'clawback' CLI, handle specific exit codes, and poll approvals in the background; these instructions are within the claimed scope but imply the agent will hold and poll approval IDs and should not surface CLI plumbing to users. This is a trust decision (the proxy/service will see mailbox data during normal operation).
Install Mechanism
No install spec is included (instruction-only), and SKILL.md points to upstream GitHub releases for the binary. No downloads or extract steps are embedded in the skill itself.
Credentials
The skill declares no required env vars or credentials. SKILL.md mentions optional CB_SERVER and connection ids; this is proportional. Note: real Gmail access is obtained via the clawback CLI's auth flow, so the external Clawback service will receive OAuth scopes — the user should review what scopes/permissions that service requests.
Persistence & Privilege
always is false and the skill is user-invocable. It does request the agent perform background polling of approvals, but it does not demand permanent/all-agent presence or modify other skills' configs.
Assessment
This skill is coherent, but it requires trust in the external Clawback service because the CLI's device-flow authentication gives that service access to your Gmail data (and it enforces policies and logs audits). Before installing: (1) verify you obtain the 'clawback' binary only from the official repo/releases (https://github.com/honeybadge-labs/clawback or https://clawback.sh), (2) inspect the OAuth scopes the CLI requests during auth so you understand what the proxy can read/send, (3) confirm your org's policy about routing mail through a third-party proxy/audit service, and (4) be aware the agent is instructed to poll approval state in the background and to keep approval IDs/internal CLI output hidden from users — this requires you to trust the skill to notify you accurately. If any of those trust points are unacceptable, do not install.
Like a lobster shell, security has layers — review code before you run it.
latest: vk973qb1e1xeac1pn71ax473s9581x520
Runtime requirements
🛡️ Clawdis
Bins: clawback
