Security audit

Gog Jasmine Yottol

Security checks across malware telemetry and agentic risk

Overview

This skill matches its Google Workspace purpose, but it asks for broad Google account authority and includes under-disclosed OAuth/package provenance details that users should review carefully.

Install only if you trust the Homebrew formula and the publisher. Prefer your own verified Google OAuth client, inspect the Google consent screen, grant only the services you need, and require explicit approval before sending mail, creating events, or changing/clearing Sheets.

SkillSpector

By NVIDIA

Vulnerability Patterns

Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Credential Access

High

Category: Privilege Escalation
Content: Use `gog` for Gmail/Calendar/Drive/Contacts/Sheets/Docs. Requires OAuth setup. Setup (once) - `gog auth credentials /path/to/client_secret.json` - `gog auth add you@gmail.com --services gmail,calendar,drive,contacts,sheets,docs` - `gog auth list`
Confidence: 70% confidence
Finding: secret.json

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.