gkeep
Pass
Audited by Gen Agent Trust Hub on Mar 24, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill manages user credentials responsibly by storing authentication tokens in a local configuration file (~/.config/gkeep/token.json) with restricted access permissions (0o600), ensuring that the credentials are only readable by the owner.
- [SAFE]: Password handling is implemented securely. The skill allows users to provide passwords via a secure prompt using the getpass module or through the GKEEP_PASSWORD environment variable, which prevents sensitive credentials from being logged in shell command histories.
- [EXTERNAL_DOWNLOADS]: The skill downloads and installs the gkeepapi library from the Python Package Index (PyPI) during its installation phase. This is a standard procedure for local tools to manage their dependencies and is required for the skill to interact with Google Keep services.
- [SAFE]: The source code was analyzed for common attack vectors, including command injection and data exfiltration, and no malicious patterns or unauthorized network communications to non-Google domains were identified.
Audit Metadata