v1.0.0

Google Keep

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:44 AM.

Analysis

The skill matches its Google Keep purpose, but it asks for and stores a non-expiring Google master token with full account access.

Guidance: Install only if you accept using an unofficial Google Keep client that stores a non-expiring, full-account Google master token locally. Consider using a dedicated Google account, pinning dependencies, protecting or deleting the `.config` directory, and reviewing any create/edit/delete/dump command before allowing an agent to run it.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
command: "cd \"$SKILL_DIR\" && uv venv .venv && .venv/bin/pip install gkeepapi gpsoauth"

The install step fetches unpinned third-party Python packages, including unofficial Google API tooling.

User impact: Future package changes or dependency compromise could change the behavior of the skill after installation.
Recommendation: Pin package versions, review dependency provenance, and consider using a lockfile or trusted package mirror.
Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Note
SKILL.md
`gkeep edit <id-or-title> --text "Updated text"` ... `gkeep delete <id-or-title>`

The documented CLI can mutate Google Keep data and move notes to trash; this is aligned with the stated purpose but is still account-impacting authority.

User impact: Mistyped identifiers, ambiguous titles, or unintended agent actions could alter or trash the wrong notes.
Recommendation: Review mutating commands before use, prefer exact note IDs over titles, and keep backups for important notes.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
SKILL.md
Copy the value of the `oauth_token` cookie ... `gkeep auth-master <email> <master_token>` ... The master token has full account access ... It does **not expire**

The skill asks the user to provide high-value Google credentials and stores a non-expiring master token with account-wide authority, which is broader than a Keep-only integration.

User impact: If this token is exposed or misused, it could affect far more than Google Keep and may persist until manually revoked or the account is secured.
Recommendation: Use only if you are comfortable granting this level of access; prefer a dedicated Google account, protect the `.config` directory, avoid putting tokens in reusable shell history, and revoke/rotate credentials if no longer needed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Medium | Confidence: High | Status: Note
gkeep.py
STATE_FILE = os.path.join(CONFIG_DIR, "state.json") ... json.dump(keep.dump(), f)

The skill persists synchronized Google Keep state locally, which can include private note data and labels.

User impact: Private Google Keep content may remain on disk in the skill directory and could be included in local backups or exposed if the workspace is shared.
Recommendation: Keep the `.config` directory private, exclude it from version control and backups where appropriate, and delete it when uninstalling the skill.