Skill v1.0.2

ClawScan security

Gmail Send Email · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Apr 27, 2026, 4:15 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose (sending Gmail messages via the gog CLI) matches its requirements and instructions, but it omits important operational details (authentication, input escaping) that you should review before enabling it.
Guidance
Before installing or enabling this skill: (1) Confirm you have the official/expected 'gog' binary installed from a trusted source and that it is properly authenticated to a Gmail account you control. (2) Understand that the agent will run a shell command to send mail — require explicit confirmation or tight prompts to avoid accidental or malicious sends. (3) Ensure inputs (to/subject/body) are safely escaped or passed in a way that avoids shell/argument injection; if the platform lets you, prefer structured API invocation rather than composing a single shell command string. (4) Review where the 'gog' CLI stores its auth tokens (local config files) and ensure those credentials are protected. (5) Test the workflow in a safe environment (test account) before allowing production use.

Review Dimensions

Purpose & Capability
ok
The skill is an instruction-only node that calls the 'gog' CLI to send mail. Requiring the 'gog' binary is appropriate and proportional to the described purpose; there are no unrelated binaries, env vars, or install steps requested.
Instruction Scope
concern
The SKILL.md tells the agent to run a shell command with interpolated recipient/subject/body values (gog gmail send --to ... --subject ... --body ...). It doesn't describe safe escaping/quoting or require use of a structured API call, so there is a risk of shell/argument injection or accidental sending of unintended content. It also doesn't state that the CLI must be pre-authenticated or how to handle failures.
Install Mechanism
ok
There is no install spec (instruction-only). That is low-risk because nothing is downloaded or written by the skill itself.
Credentials
note
The skill requests no env vars or credentials, which is consistent for an instruction-only wrapper. However, in practice the 'gog' CLI will need Gmail credentials/configuration stored elsewhere (user config files or local auth tokens). Those credentials are not declared or explained here.
Persistence & Privilege
ok
The 'always' flag is false and the skill is user-invocable. The skill does not request permanent platform presence or attempt to modify other skills or global agent configuration.