Skill v1.0.0
ClawScan security
Gmail Auto Draft · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 12, 2026, 1:57 PM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's code, instructions, and resource usage are consistent with its stated purpose (reading Gmail, generating replies via a model, and saving drafts). It will, however, transmit email content to whichever model endpoint you configure, and it saves OAuth tokens and config to your home directory, so restrict where you run it and which model you point it at.
- Guidance: This skill does what it says: it reads unread Gmail messages matching your query, sends message content plus context to a model to generate reply text, and saves drafts. Before installing or running it:
  1. Decide which model endpoint to use. Prefer a local OpenClaw gateway if you need to avoid sending PII to OpenAI; the docs default to localhost, but setting OPENAI_API_KEY switches to OpenAI.
  2. Create a dedicated Google OAuth client and review the requested scopes (gmail.modify, gmail.compose). Note that gmail.modify already allows creating drafts and changing labels, so the effective grant is full read/write on the mailbox short of permanent deletion. Consider running against a test account first.
  3. Be aware that the script stores OAuth tokens at ~/.config/gmail-auto-draft/token.json and may read ~/.openclaw/openclaw.json for a gateway token; treat both files as secrets.
  4. Use one-shot mode and inspect the created drafts before enabling polling or mark-read.
  5. If you need stricter privacy, audit the script's network calls or run it in an isolated environment or account.
Review Dimensions
- Purpose & Capability: ok. The name/description (Gmail monitoring, AI-generated drafts) matches the included code and docs. The script uses Gmail API scopes to read messages and create drafts and calls an OpenAI-compatible client to generate text, all of which is expected for this functionality.
- Instruction Scope: note. Runtime instructions and the script operate within the described scope (poll Gmail, build prompts from message content plus agency/profile/style files, call a model, create drafts, optionally mark read). Important privacy note: inbound message bodies and metadata are sent to the configured model endpoint (local OpenClaw gateway or external OpenAI) as part of prompt generation. This is explicit in the docs, but it is a meaningful data flow to confirm before use.
- Install Mechanism: ok. The skill needs no install step: it consists of instructions plus bundled scripts and a requirements.txt, with no remote download. Dependencies are standard Python libraries (google-api-client/openai) and are proportional to the task.
- Credentials: note. The registry metadata lists no required env vars, but the code and docs expect environment variables (OPENAI_BASE_URL, OPENAI_MODEL, or OPENAI_API_KEY) and a Google OAuth client secret file. The script also reads ~/.openclaw/openclaw.json to obtain a gateway token if present and writes OAuth tokens to ~/.config/gmail-auto-draft/token.json. Both behaviours are explained by the local-gateway option, but they mean the script can read your gateway credentials and leaves a Gmail token on disk.
- Persistence & Privilege: ok. The skill does not request always:true or elevated platform privileges. It writes its own token file (~/.config/gmail-auto-draft/token.json) and may create a Gmail label for processed messages; both are expected for the stated behavior and limited in scope.
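The guidance steps (decide the endpoint, check token storage, audit network calls) and the Credentials finding above describe checks a practitioner can run before installing. The following Python helpers are an added example written for this page; they are not the skill's code, not ClawHub's scanner, and not tied to the skill's real source. They assume the env-var precedence the review describes (OPENAI_BASE_URL if set, else OPENAI_API_KEY selects api.openai.com, else a localhost gateway), a placeholder localhost URL, and a constructed stand-in script as input.

```python
"""Pre-install audit helpers for a Gmail-to-model skill.

Added example, not the skill's own code. Assumptions: the env-var precedence
below mirrors the review's description; LOCAL_GATEWAY is a placeholder URL
(check the skill's docs for the real default); SAMPLE_SCRIPT is constructed.
"""
import os
import re
import stat
from urllib.parse import urlparse

LOCAL_GATEWAY = "http://localhost:8080/v1"   # assumed placeholder default
OPENAI_PUBLIC = "https://api.openai.com/v1"
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def resolve_endpoint(env: dict) -> dict:
    """Work out which endpoint email content would be sent to for a given env."""
    if env.get("OPENAI_BASE_URL"):
        base = env["OPENAI_BASE_URL"]
    elif env.get("OPENAI_API_KEY"):
        base = OPENAI_PUBLIC
    else:
        base = LOCAL_GATEWAY
    host = urlparse(base).hostname or ""   # "" (no scheme) is treated as off-host
    return {"base_url": base, "host": host,
            "leaves_host": host not in LOCAL_HOSTS,
            "model": env.get("OPENAI_MODEL", "<unset>")}


URL_RE = re.compile(r"https?://[^\s'\"]+")
ENV_RE = re.compile(r"""os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*['"]([A-Z0-9_]+)['"]""")
PATH_RE = re.compile(r"""['"](~/[^'"]+)['"]""")


def scan_source(source: str) -> dict:
    """Static pass over a script: literal URLs, env vars read, home-dir paths touched."""
    hosts = {urlparse(u).hostname for u in URL_RE.findall(source)}
    return {
        "hosts": sorted(h for h in hosts if h),
        "env_vars": sorted(set(ENV_RE.findall(source))),
        "home_paths": sorted(set(PATH_RE.findall(source))),
    }


def is_private_mode(mode: int) -> bool:
    """True if the permission bits grant nothing to group or others (e.g. 0o600)."""
    return (mode & (stat.S_IRWXG | stat.S_IRWXO)) == 0


def token_file_report(path: str) -> dict:
    """Check whether a stored token file exists and is readable only by its owner."""
    p = os.path.expanduser(path)
    if not os.path.exists(p):
        return {"path": p, "exists": False, "private": None}
    mode = stat.S_IMODE(os.stat(p).st_mode)
    return {"path": p, "exists": True, "private": is_private_mode(mode), "mode": oct(mode)}


def findings(env: dict, source: str) -> list:
    """Human-readable audit findings for a given env and script source."""
    out = []
    ep = resolve_endpoint(env)
    if ep["leaves_host"]:
        out.append(f"email content will be sent off-host to {ep['host']} (model {ep['model']})")
    else:
        out.append(f"model endpoint is local ({ep['base_url']})")
    s = scan_source(source)
    for h in s["hosts"]:
        if h not in LOCAL_HOSTS:
            out.append(f"script references external host {h}")
    for p in s["home_paths"]:
        out.append(f"script touches home-dir path {p}; check its permissions after first run")
    return out


# Constructed stand-in for a skill script; NOT the real skill's source.
SAMPLE_SCRIPT = '''
import os, json
base = os.environ.get("OPENAI_BASE_URL", "http://localhost:8080/v1")
key = os.getenv("OPENAI_API_KEY")
cfg = json.load(open(os.path.expanduser("~/.openclaw/openclaw.json")))
TOKEN_PATH = "~/.config/gmail-auto-draft/token.json"
SCOPES = ["https://www.googleapis.com/auth/gmail.modify"]
'''

if __name__ == "__main__":
    for line in findings(dict(os.environ), SAMPLE_SCRIPT):
        print("-", line)
    print(token_file_report("~/.config/gmail-auto-draft/token.json"))
```

Run it once with your real environment to see whether the configured endpoint is local before pointing it at the actual script (replace SAMPLE_SCRIPT with the script's contents), and again after the first OAuth flow to confirm token.json came back with owner-only permissions; the private-mode check is the one that matters for the on-disk Gmail token the Credentials finding calls out.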
