add-gmail

The skill aims to provide Gmail integration for NanoClaw with both tool and channel modes, including OAuth flows and external dependencies. The footprint is broadly coherent with the stated purpose, but notable risks arise from: reliance on an external Gmail remote repository for code, local credentials storage and automatic OAuth/auth flows, and transitive dependencies (external MCP server and googleapis package). These elevate supply-chain and credential exposure risks. The design is proportionate to the Gmail integration task if proper code review, access controls, and credential handling safeguards are enforced; otherwise, it remains suspicious due to remote code merges and local credential surface.