Back to plugin

Security audit

OpenClaw Google Workspace

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Google Workspace integration, but it grants broad Google account authority and some write-capable actions are not clearly protected by confirmation or least-privilege scopes.

Install only if you are comfortable granting this plugin access to the selected Google Workspace services. Start with Gmail, Drive, and Sheets in read-only mode, enable write access only for specific needs, verify the OAuth scopes before consenting, and protect the credentials and token files under `~/.openclaw/secrets`.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

Detected: suspicious.install_untrusted_source

Install source points to URL shortener or raw IP.

Warn
Code
suspicious.install_untrusted_source
Location
openclaw.plugin.json:96
Evidence
"placeholder": "http://127.0.0.1:3000/oauth2callback",