gws-install
Pass
Audited by Gen Agent Trust Hub on Mar 13, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: Fetches the official
@googleworkspace/clipackage from the npm registry, which is a well-known service. - [COMMAND_EXECUTION]: Executes shell commands to install software globally, manage local configuration directories, and perform OAuth authentication via the CLI.
- [REMOTE_CODE_EXECUTION]: Utilizes
npxto run a skill installation command from the Google Workspace CLI package, which involves fetching and executing code as part of the intended setup process. - [CREDENTIALS_UNSAFE]: The skill manages the user's
client_secret.jsonby guiding them to provide its contents or path. This sensitive information is used locally within the~/.config/gws/directory to authenticate the CLI and is not transmitted to any untrusted external entities.
Audit Metadata