Gemini Ops
Warn
Audited by ClawScan on May 10, 2026.
Overview
Gemini Ops is aligned with refreshing Gemini MCP auth, but it extracts and stores Google session cookies while delegating the main work to unreviewed hard-coded local scripts.
Install or invoke this only if you intentionally want an agent to reuse your logged-in Google/Gemini browser session. Audit the external /home/moltuser/clawd helper scripts first, lock down Chromium remote debugging and x11vnc, protect ~/.mcporter/mcporter.json, and avoid using it on shared or untrusted hosts.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can reuse your logged-in Google/Gemini session and persist session cookies where other local processes or the MCP server may use them.
These are reusable Google session cookies. Storing them in MCP configuration gives the MCP server delegated access to the user's Gemini/Google session.
Extract `__Secure-1PSID` and `__Secure-1PSIDTS` from the Gemini tab via CDP `Network.getCookies`. ... Write cookies to `~/.mcporter/mcporter.json` (`mcpServers.gemini.env`).
Use only on a trusted single-user host, protect ~/.mcporter/mcporter.json permissions, require explicit approval before refresh, and log out or rotate the session if the host or scripts are not trusted.
A missing, replaced, or compromised local helper at that path could run arbitrary auth-refresh behavior, including accessing Google session cookies, without being visible in this skill package.
The included ON script delegates to a hard-coded helper outside the provided skill manifest; that helper is the component expected to drive Chromium, extract cookies, and edit MCP config.
/home/moltuser/clawd/scripts/gemini-on.sh
Package the real helper scripts with the skill or pin and verify their source and hashes; users should audit those external scripts before invoking the skill.
Invoking shutdown could disrupt other browser or GUI/VNC work on the host if the external script uses broad process matching or cleanup.
The OFF workflow is documented as controlling local browser/GUI/VNC processes and cleanup, but the artifacts do not bound it to skill-created PIDs, profiles, or paths.
Stop Chromium and related GUI processes (x11vnc/Xvfb/openbox), then clean leftovers.
Scope shutdown to tracked PIDs and skill-owned temp/profile paths, show what will be stopped or removed, and provide a dry-run or confirmation for destructive cleanup.
Users relying on registry metadata could underestimate that the skill handles persistent account-session material and mutates MCP configuration.
The registry metadata does not disclose credentials or config paths, while the skill documentation says it extracts Google session cookies and writes ~/.mcporter/mcporter.json.
Required env vars: none; Env var declarations: none; Primary credential: none; Required config paths: none
Declare the Google session-cookie dependency, ~/.mcporter/mcporter.json access, Linux/GUI requirements, and external helper dependencies in metadata before publication.
