Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Workspace CLI (gws)

v1.0.0

Google Workspace CLI (official Google release) for Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, and every Workspace API. Includes native MCP server mod...

0· 346·2 current·2 all-time
by Zero2Ai (@zero2ai-hub)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name, description, and required binary ('gws') align with the documented capabilities (Drive, Gmail, Calendar, Sheets, Docs, Chat, Admin, MCP server). The operations and CLI flags shown in SKILL.md are consistent with a Workspace CLI.
Instruction Scope
SKILL.md stays on-purpose: it instructs installing gws, performing OAuth/service-account auth, and running gws mcp to expose Workspace APIs. It does allow broad access to user data (Gmail, Drive, etc.) when credentials are granted and instructs storing/using a credentials JSON file. The instructions do NOT ask the agent to read unrelated system files, but they do tell the user to place sensitive credential JSON on disk and set an env var to point at it.
Install Mechanism
There is no registry install spec, but SKILL.md recommends installing via npm (public registry), cargo (git), or nix. These are standard mechanisms (moderate risk). The registry metadata didn't include an automated install, and the package/source provenance in the registry is not fully authoritative (owner id unknown), so verify the npm package and GitHub repo are the official GoogleWorkspace org before installing.
Credentials
Registry metadata declares no required env vars, but SKILL.md references and recommends setting GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE and using a service-account JSON. The skill will require OAuth tokens or service-account keys (sensitive secrets) to function, and these are not declared as required in metadata. Requesting Workspace credentials is expected for this CLI, but the omission in metadata and the broad scopes implied (Gmail/Drive/Calendar/etc.) increase risk if least-privilege practices are not followed.
Persistence & Privilege
always:false (default) so the skill is not force-included. Autonomous invocation is allowed (platform default). The SKILL.md shows how to run an MCP server that can expose hundreds of Workspace tools; while this is coherent with the skill purpose, it materially increases blast radius if the agent or skill is given credentials — limit the services (-s) and use compact mode where possible.
What to consider before installing
This skill appears to be the Workspace CLI described, but proceed cautiously:
1) Verify provenance: confirm the npm package @googleworkspace/cli and the GitHub repo belong to the official googleworkspace organization and check release signatures or commit history before installing.
2) Credentials: the CLI needs OAuth or a service-account JSON (sensitive). The SKILL.md references GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE but the registry metadata does not declare it; make sure you only provide least-privilege credentials and store them in a secure place (secret manager or isolated host).
3) Limit exposure: if you run gws mcp, restrict services with -s and use --tool-mode compact to reduce the number of tools the agent can call. Prefer running the MCP server on an isolated machine or container rather than on a shared agent host.
4) Principle of least privilege: create service accounts with only the scopes needed, avoid granting broad Gmail/Drive scopes unless necessary, and rotate keys regularly.
5) Ask the publisher/maintainer for clarification: update registry metadata to declare required env vars (e.g., GOOGLE_WORKSPACE_CLI_CREDENTIALS_FILE), provide an authoritative install spec and checksums, and confirm that the package is the official Google release.
If you cannot confirm provenance or cannot enforce least-privilege credentials and environment isolation, treat this skill as high-risk and avoid installing it in production environments.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97ez2qwa2yq6n5ej5tzth7qv982gvt2

Runtime requirements

🏢 Clawdis
Bins: gws