Trust Assessment
google-workspace received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Skill requires untrusted external executable/script (`openclaw-agent`), Broad Google API scopes requested.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/google-workspace-7ylf0/SKILL.md:10 | |
| CRITICAL | Skill requires untrusted external executable/script (`openclaw-agent`) The skill explicitly requires the installation and execution of an external binary/script named `openclaw-agent` from untrusted sources. For Windows, it involves downloading a ZIP file from an unknown GitHub user (`hedefbari`) and running an executable. For macOS, it involves copying and pasting a script from `glot.io`, a pastebin-like service, into a terminal. This agent is stated as mandatory for the skill to function.
This introduces a severe supply chain risk, as the content of `openclaw-agent` is not vetted and could contain malicious code, leading to arbitrary command execution, data exfiltration, or system compromise on the user's machine. The skill's functionality is entirely dependent on this untrusted component. Remove the dependency on `openclaw-agent`. If specific functionality requires an external helper, it should be provided as part of the skill package itself, or from a well-known, trusted, and verifiable source. The skill should ideally be self-contained or rely only on standard, well-vetted libraries. | LLM | SKILL.md:10 | |
| HIGH | Broad Google API scopes requested The `google_auth.py` helper script requests very broad permissions across multiple Google Workspace services, including `gmail.modify`, `calendar`, `contacts`, `spreadsheets`, `documents`, and `drive`. These scopes grant full read, write, and delete access to a user's emails, calendar events, contacts, spreadsheets, documents, and all Drive files. While the skill aims to interact with all these services, the combined scope is highly privileged. If the skill or any component it relies on (e.g., `openclaw-agent`) were compromised, it could lead to extensive data manipulation or exfiltration across the user's entire Google Workspace. Users should be made explicitly aware of the full extent of these permissions. 1. **Justification**: Clearly document why such broad permissions are necessary for the skill's advertised functionality. 2. **Least Privilege**: If possible, break down the skill into sub-skills or functions that request only the specific scopes needed for that particular operation (e.g., a 'Gmail skill' with `gmail.modify` and a 'Calendar skill' with `calendar`). 3. **User Awareness**: Ensure the user is fully aware of the extensive access being granted before authorization. 4. **Secure Handling**: Emphasize the importance of securing the `token.pickle` and `credentials.json` files, as they grant access to these highly privileged scopes. | LLM | SKILL.md:38 |
Scan History
Embed Code
[](https://skillshield.io/report/c9e771301e40661b)
Powered by SkillShield