Google Keep
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill does what it says for Google Keep, but it asks for a long-lived Google master token with full account access, which is broader and more sensitive than a normal Keep-only integration.
Review this carefully before installing. The CLI appears coherent for Google Keep management, but only use it if you are comfortable extracting a Google auth token, storing a non-expiring master token locally, and relying on an unofficial reverse-engineered API. Consider using a separate Google account and protect or delete the skill’s `.config/` directory when not needed.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the token is exposed or misused, it could affect more than just Google Keep and may remain valid indefinitely.
The credential requested for a Keep CLI is a long-lived Google master token with full account access, which is broader than a scoped Keep-only authorization.
The master token grants **full access** to the associated Google account ... It does **not expire**
Use only with a dedicated or low-risk Google account if possible, protect and periodically remove/revoke the stored token, and prefer a scoped official OAuth flow if one becomes available.
Handling browser authentication tokens manually increases the chance of accidental disclosure through shell history, logs, screenshots, or copied commands.
The setup flow asks the user to manually extract a Google authentication cookie/token from the browser and pass it to the CLI.
Open DevTools: F12 → Application tab → Cookies → accounts.google.com ... Copy the value of the `oauth_token` cookie ... Run: `gkeep auth <email> <oauth_token>`
Avoid pasting tokens into shared terminals or transcripts, clear shell history if needed, and only proceed if you understand the credential handling risk.
Private Google Keep note contents may be stored on disk outside Google Keep, so local device compromise or backups could expose them.
The code writes a local cached dump of Keep state to `.config/state.json`, protected with file permissions but still retaining potentially sensitive note content locally.
with open(STATE_FILE, "w") as f:
    json.dump(keep.dump(), f)
os.chmod(STATE_FILE, 0o600)
Keep the skill directory private, exclude `.config/` from backups or version control if appropriate, and delete the cache when uninstalling or after sensitive use.
An agent or user invoking the wrong command could modify, archive, trash, or export Keep notes.
The CLI exposes account-mutating and bulk-export commands. These are aligned with the stated Keep management purpose, but they can alter or reveal user data.
`gkeep edit <id-or-title> --text "Updated text"` ... `gkeep delete <id-or-title>` ... `gkeep dump # All notes as JSON`
Review commands before running them, be especially careful with delete/edit/dump operations, and consider requiring explicit user confirmation in workflows that call this CLI.
Future package changes or dependency compromise could affect what code runs inside the skill environment.
The install command pulls unpinned third-party Python packages, including an unofficial Google Keep client and OAuth helper.
uv venv .venv && .venv/bin/pip install gkeepapi gpsoauth
Pin dependency versions, verify package provenance, and reinstall only from trusted package indexes.
