Trust Assessment
google-workspace received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 5 findings: 2 critical, 2 high, 0 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Unpinned Python dependencies, Insecure installation of external prerequisite via untrusted pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 38/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings5
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/google-workspace-8zdgy/SKILL.md:10 | |
| CRITICAL | Insecure installation of external prerequisite via untrusted pastebin The skill instructs users to install a critical prerequisite (`openclaw-agent`) by copying and pasting an arbitrary script from `glot.io` into their terminal. `glot.io` is a public code pastebin and is not a secure or reliable source for software distribution. The content of the script can change without notice, potentially introducing malicious code directly into the user's system with elevated privileges. This represents an extremely high supply chain risk. Provide a secure and verifiable method for installing `openclaw-agent` on macOS, such as a signed package installer, a script from a trusted and version-controlled repository (e.g., a specific commit hash on GitHub), or clear instructions for building from source. Avoid instructing users to execute arbitrary code from pastebin services. | LLM | SKILL.md:15 | |
| HIGH | Unpinned Python dependencies The `pip install` command in the manifest and skill documentation specifies Python packages without version pinning. This allows for the installation of the latest available versions, which could introduce breaking changes or, more critically, malicious code if a package maintainer's account is compromised or a new malicious version is published. This is a significant supply chain risk. Pin all Python dependencies to specific versions (e.g., `package==1.2.3`) to ensure deterministic and secure installations. Consider using a `requirements.txt` file with exact versions. | LLM | SKILL.md:29 | |
| HIGH | Insecure installation of external prerequisite via untrusted GitHub release The skill instructs users to download and run an executable (`openclaw-agent.zip`) from a GitHub release page belonging to a user (`hedefbari`) who is not explicitly identified as the official maintainer of `openclaw-agent` or OpenClaw. Downloading and executing binaries from unverified sources is a significant supply chain risk, as the executable could contain malware. The use of a generic password (`openclaw`) for the zip file is also suspicious and does not add security. Provide a secure and verifiable method for installing `openclaw-agent` on Windows, such as a signed installer from an official domain, or clear instructions for building from source. Ensure the source of the executable is trusted and clearly linked to the official project. | LLM | SKILL.md:12 | |
| LOW | Broad Google Drive API scope requested The skill requests the `https://www.googleapis.com/auth/drive` scope, which grants full read, write, and delete access to all files in the user's Google Drive. While the skill demonstrates file listing, uploading, and downloading, this broad scope might be excessive if the skill's functionality could be achieved with more granular permissions (e.g., `https://www.googleapis.com/auth/drive.file` for files created by the app or explicitly opened by the user). This increases the potential impact if the skill or its underlying `openclaw-agent` were compromised. Review the exact requirements for Google Drive operations. If the skill only needs to manage files it creates or files explicitly selected by the user, consider using a more restrictive scope like `https://www.googleapis.com/auth/drive.file`. If full Drive management is truly intended, document this clearly to users. | LLM | SKILL.md:49 |
Scan History
Embed Code
[](https://skillshield.io/report/95df3ae5df5fc665)
Powered by SkillShield