gmail
Pass
Audited by Gen Agent Trust Hub on Apr 8, 2026
Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes a local Python script ~/.config/gmail/gmail.py using a virtual environment. These commands are used to interact with the Gmail API for listing, reading, and sending emails. All commands are prefixed with an environment variable path CLAUDECLAW_DIR to manage configurations.
- [CREDENTIALS_UNSAFE]: The skill references sensitive file paths such as ~/.config/gmail/credentials.json and ~/.config/gmail/token.json. However, it follows security best practices by instructing the user to manage these through environment variables and standard OAuth2 flows rather than hardcoding any secrets within the skill itself.
- [DATA_EXFILTRATION]: While the skill accesses email data and can send emails, these operations are the primary intended purpose of the skill. The instructions explicitly require drafting content and getting user confirmation before sending any emails, which serves as a manual safeguard against automated exfiltration.
Audit Metadata