Google Workspace (gws CLI)

Security checks across malware telemetry and agentic risk

Overview

This skill is transparent about managing Google Workspace, but it gives an agent broad access to email, files, calendars, admin data, and destructive actions without enough built-in scoping or confirmation guidance.

Install only if you want an agent to operate Google Workspace on your behalf. Use the narrowest OAuth scopes possible, avoid domain-admin or full Workspace credentials unless required, protect exported credential files, and require explicit human confirmation before sending email, sharing files, deleting data, running admin actions, enabling MCP access, or executing batch pipelines.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: High
Confidence: 95%
Finding:
The authentication instructions tell users to export unmasked credentials into a JSON file and move them to a server without any warning about secret handling, file permissions, storage lifetime, or leakage risks. This can expose reusable Google Workspace credentials, enabling unauthorized access to mail, files, calendars, and other tenant data if the file is copied, logged, committed, or read by other users on the system.

Vague Triggers

Severity: Medium
Confidence: 88%
Finding:
The skill advertises an extremely broad activation scope, including 'any other Google Workspace operation,' which can cause the agent to invoke a highly privileged integration for loosely related requests. In context, this skill can access Gmail, Drive, Admin, and other sensitive Workspace APIs, so overbroad routing increases the chance of unnecessary exposure of email, files, calendars, or directory data.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding:
The examples normalize reading Gmail content and querying Admin directory data without clearly warning that these operations may expose sensitive personal, organizational, or regulated information. In an agent setting, example-driven use can implicitly encourage privacy-impacting actions without consent checks or least-privilege guidance.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The documentation includes a bulk deletion pipeline that permanently deletes every trashed Drive file with no warning, confirmation step, or scoped safeguards. In an agent-executed or copy-pasted context, this can cause large-scale unintended data loss, especially because the skill is designed for broad Google Workspace automation.

VirusTotal

63/63 vendors flagged this skill as clean.
