gmail

Warn

Audited by Socket on Mar 1, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The Gmail automation skill is broadly coherent with its stated purpose and includes reasonable safeguards for destructive actions. The main concerns center on the installer’s trust boundary (local/remote provenance of install.sh), the handling of highly sensitive credentials (OAuth tokens, credentials.json, Anthropic API key), and the potential for misconfiguration during first-run setup. Absent evidence of hardcoded secrets or outbound exfiltration beyond legitimate API calls, the capability set remains plausible for a legitimate developer tool, but the attack surface and credential exposure risk warrant careful supply-chain scrutiny of the installer script, secret storage, and network endpoints. Overall risk: suspicious-to-benign (leaning toward benign with proper controls), securityRisk ~ 0.60, malware ~ 0.20, obfuscated ~ 0.05, confidence ~ 0.62.

Confidence: 75%
Severity: 75%
Audit Metadata
Analyzed At: Mar 1, 2026, 05:28 AM
Package URL: pkg:socket/skills-sh/wayfind%2Fskills%2Fgmail%2F@c2f3fa689bb1a4f873841965f67eec2384bfdb45