Google Workspace CLI (gws)

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed wrapper for Google Workspace CLI access, but users should scope OAuth and agent permissions carefully because it can affect live Workspace data.

Install only if you intend to let an agent operate on Google Workspace. Use a dedicated or low-privilege account where possible, choose only needed services/scopes, prefer service-limited MCP mode, preview with dry-run where available, and require explicit approval before sending messages, changing sharing, editing files/calendars, deleting data, or performing admin actions.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly advertises capabilities to read/send Gmail, modify Calendar, write Sheets, manage Drive, and send Chat messages, but it does not provide clear safety guidance about external side effects, data sensitivity, authorization scope minimization, or requiring explicit user confirmation before destructive or privacy-impacting actions. In an agent setting, these are real-world operations against a live Workspace tenant, so omission of warnings increases the risk of unintended data modification, data disclosure, or outbound communications.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal