Skill v1.0.0
ClawScan security
Gmail Draft Update Body · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 28, 2026, 12:15 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill is internally consistent: it is an instruction-only node that calls a local CLI (gog) to update a Gmail draft and does not request unrelated credentials or perform unexpected actions.
- Guidance: This skill is coherent but simple: it will run the local `gog` CLI to update a Gmail draft. Before installing/using it, verify what `gog` is and how it was installed, and confirm which Gmail account `gog` is authenticated to. Be careful about how the draft body is inserted into the shell command — ensure the agent or caller properly escapes or passes the body to avoid shell injection. If you are unsure about `gog`, test on a non-production account, or run the command yourself to confirm behavior. If you want tighter control, require explicit user consent before the skill runs or restrict the agent from invoking it autonomously.
Review Dimensions
- Purpose & Capability (ok): The name/description say the skill updates a Gmail draft body and the runtime instruction is a single CLI invocation: `gog gmail drafts update <draftId> --body "..." --json`. Requiring the `gog` binary is coherent with invoking a native CLI to perform Gmail operations; no unrelated credentials or tools are requested.
- Instruction Scope (note): SKILL.md confines the agent to executing a single command and checking its JSON response with retry logic. It does not instruct reading unrelated files or environment variables. Note: the skill assumes the agent will supply a draftId and a body string; assembling that command naively can introduce shell-escaping/injection risks if inputs are not escaped properly. It also implicitly relies on the local `gog` tool for authentication (not declared in the skill), which users should be aware of.
- Install Mechanism (ok): There is no install spec (instruction-only), so nothing is written to disk by the skill itself. This is a low-risk installation profile. The only external dependency is the presence of the `gog` binary on PATH; how that binary was installed or authenticated is outside the skill.
- Credentials (note): The skill declares no required environment variables or credentials, which is consistent with delegating auth to the `gog` CLI. That is proportionate, but it means the skill will operate using whatever credentials `gog` already has on the host — users should confirm which account `gog` authenticates as and whether that is acceptable.
- Persistence & Privilege (ok): `always:false` and no special privileges are requested. The skill does not request persistent presence or attempt to modify other skills or system-wide settings.
