Trust Assessment
gmail-agent received a trust score of 66/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 0 critical, 2 high, 1 medium, and 0 low severity. Key findings include "Unquoted variable in echo statement allows command injection" and "Unpinned external binary dependency".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| HIGH | **Unquoted variable in echo statement allows command injection.** The script `bins/gmail-label-audit.sh` uses the `$LABEL` and `$ACCOUNT` variables directly within `echo` statements without proper quoting. If these variables contain shell metacharacters or command substitutions (e.g., `$(evil_command)`), they will be executed by the shell. The `$LABEL` variable is derived from user input (via the agent), and `$ACCOUNT` is derived from an environment variable or user input, making this a direct command injection vulnerability. Quote the variables in `echo` statements to prevent shell expansion. For example, use `printf 'Auditing label: %s\n' "${LABEL}"` or `echo "Auditing label: ${LABEL}"`. | LLM | bins/gmail-label-audit.sh:40 |
| HIGH | **Unquoted variable in echo statement allows command injection.** The script `bins/gmail-cleanup.sh` uses the `$ACCOUNT` variable directly within an `echo` statement without proper quoting. If this variable contains shell metacharacters or command substitutions (e.g., `$(evil_command)`), they will be executed by the shell. The `$ACCOUNT` variable is derived from an environment variable or user input, making this a direct command injection vulnerability. Quote the variable in the `echo` statement to prevent shell expansion. For example, use `printf 'Cleaning Gmail for %s...\n' "${ACCOUNT}"` or `echo "Cleaning Gmail for ${ACCOUNT}..."`. | LLM | bins/gmail-cleanup.sh:40 |
| MEDIUM | **Unpinned external binary dependency.** The skill requires the `gog` binary but does not specify a version or hash. This introduces a supply chain risk, as a malicious or vulnerable version of `gog` could be used if not properly managed by the execution environment. It is best practice to pin external dependencies to specific versions or provide integrity checks. Specify a minimum or exact version for the `gog` binary, or provide a mechanism for integrity verification (e.g., a checksum) if possible, and ensure the execution environment verifies the integrity of external binaries. | LLM | SKILL.md |
Full report: https://skillshield.io/report/1821832640f191d0

Powered by SkillShield