v1.0.2

voice-email

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 5:54 AM.

Analysis

This accessibility-focused voice email skill is coherent, but it needs review because it can send Gmail messages from transcribed voice commands without a clearly enforced confirmation step.

Guidance: Review this skill carefully before installing. Judging from the provided artifacts, it is not malicious, but it can send real emails from a Gmail account based on voice transcription. Use a test or dedicated Gmail account, verify gogcli before authenticating, document the OAuth scopes, and add a mandatory confirmation or draft-only step before any email is sent.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
The agent will:
1. Transcribe it (via Deepgram)
2. Parse the fields
3. Send the email (via gogcli)

The main workflow directs the agent to send an email after parsing a voice command, which is a high-impact external action. The artifact does not clearly require a preview or confirmation step before invoking the Gmail-sending tool.

User impact: A misheard or incorrectly parsed voice command could send an unintended email from the user's Gmail account.
Recommendation: Require an explicit confirmation step that previews recipient, subject, and body before every send, and consider defaulting to creating drafts instead of sending immediately.
Agentic Supply Chain Vulnerabilities
Severity: Low; Confidence: High; Status: Note
SETUP.md
npm install -g gogcli
...
Download from https://gogcli.ai and verify the binary checksum.

The skill depends on an externally installed Gmail CLI that is not included in the artifact set. This is central to the skill's purpose, but users should verify the package/source because it will handle Gmail access.

User impact: A compromised or incorrect external CLI could affect the Gmail account used by the skill.
Recommendation: Install gogcli only from a trusted source, verify checksums when using binaries, and prefer pinned or documented versions.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium; Confidence: High; Status: Concern
SKILL.md
credentials:
    - deepgram_api_key
    - telegram_bot_token
    - gmail_oauth  # via gogcli, stored in system keyring

The skill requires sensitive service credentials and Gmail OAuth access. This is expected for the purpose, but it grants high-impact authority over the account, and the registry metadata separately lists no primary credential or required env vars.

User impact: Installing and configuring the skill may grant a third-party CLI and the agent the ability to use a Gmail account for outbound email.
Recommendation: Use a dedicated Gmail account where possible, declare the credential requirements in registry metadata, document the exact OAuth scopes, and use least-privilege access.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium; Confidence: High; Status: Note
SKILL.md
Data: Voice recordings processed by Deepgram, emails sent via user's Gmail

The artifact discloses that voice recordings and email content flow through external services. This is purpose-aligned, but the data can be sensitive.

User impact: Voice messages and email contents may be processed by third-party providers as part of normal operation.
Recommendation: Avoid sending highly sensitive content through this workflow unless the provider terms, retention settings, and account configuration are acceptable.