Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Gmail Secretary
v1.0.27
Gmail triage assistant using Haiku LLM for classification, label application, and draft replies (uses gog CLI; never auto-sends).
⭐ 0 · 2k · 10 current · 10 all-time
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The scripts implement exactly what the description says (fetch inbox, build voice reference from Sent, classify with an LLM agent, create drafts, and apply labels). However the registry metadata claims no required binaries or env vars while the scripts clearly require node and the 'gog' CLI (invoked at /home/linuxbrew/.linuxbrew/bin/gog) and use GOG_ACCOUNT/GOG_KEYRING_PASSWORD. The omission of these runtime requirements is an incoherence.
Instruction Scope
Instructions and scripts operate only on the user's Gmail via the gog CLI and local cache files (no external network endpoints other than what gog uses). They read Sent mail to build a voice profile and redact some PII, create draft text and triage summaries, and apply labels. This is within the stated purpose, but the skill will access and process personal email content (including Sent messages) and write files under /home/delta/.openclaw/workspace — the hard-coded paths are environment-specific and potentially surprising.
Install Mechanism
There is no download/install spec (instruction-only + bundled scripts). That avoids remote code fetching, which is lower risk. The scripts will be present on disk as part of the skill package; they invoke existing local binaries rather than installing new ones.
Credentials
The skill requests no env vars in metadata, but the scripts rely on GOG_ACCOUNT and GOG_KEYRING_PASSWORD (with defaults). It also implicitly needs the user's gog-authenticated Gmail credentials via the gog CLI. Requesting access to a mailbox is proportional to a Gmail triage assistant, but the missing/undocumented credential requirements and a hardcoded keyring-password default ('openclaw') are mismatches and could lead to accidental credential exposure or misconfiguration.
Persistence & Privilege
The skill does not set always:true and does not modify other skills. It can, however, modify the user's Gmail labels (apply-labels.sh) which is a meaningful capability. Autonomous invocation is allowed by default (disable-model-invocation is false) — combined with Gmail access this increases impact, but autonomous invocation alone is expected for many skills.
What to consider before installing
This skill appears to implement a real Gmail triage workflow, but there are a few red flags you should address before installing or running it:
- Verify required binaries and paths: the scripts call /home/linuxbrew/.linuxbrew/bin/gog and node, but the skill metadata lists no required binaries. Ensure 'gog' and Node.js are installed at those paths or edit the scripts to point to the correct locations.
- Confirm credentials usage: the scripts rely on GOG_ACCOUNT and GOG_KEYRING_PASSWORD (defaults exist). The package metadata should declare these; otherwise you may be surprised when the skill accesses your Gmail via the local gog credential store. Do not set a real password to the weak default value; prefer explicit, documented configuration.
- Review data access and outputs: the skill reads inbox and Sent messages to build a voice reference and will write drafts and triage files under /home/delta/.openclaw/workspace/cache. Inspect those generated files (gmail-drafts.md, gmail-triage.md, gmail-inbox-summaries.json, gmail-triage-labels.json) before letting the agent act on them. The voice reference samples include personal context (name, school); confirm you are comfortable with that processing and local storage.
- Test manually first: run the scripts yourself in a controlled environment or on a throwaway/secondary Gmail account to verify behavior (that it only creates drafts and applies labels) before granting the agent autonomous access.
- Consider limiting autonomy: if you don't want the agent to alter your mailbox without oversight, disable autonomous invocation for this skill or require manual invocation for apply-labels.sh.
If the author updates the skill metadata to declare required binaries (gog, node), required env vars (GOG_ACCOUNT, GOG_KEYRING_PASSWORD), and avoids hard-coded absolute paths (or documents them), the incoherences would be resolved and my assessment could be upgraded to benign.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/apply-labels.sh:23
Shell command execution detected (child_process).
scripts/build-voice-reference.sh:33
Shell command execution detected (child_process).
latest: vk973t8ceed7xbmjan1kyrxdvb983d4nq
