Trust Assessment
google-workspace received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 2 critical, 0 high, 1 medium, and 1 low severity. Key findings include Network egress to untrusted endpoints, Untrusted Binary/Script Execution Required for Skill Functionality, Excessive Google API Scopes Requested.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 61/100, indicating areas for improvement.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings4
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/google-workspace-izypr/SKILL.md:10 | |
| CRITICAL | Untrusted Binary/Script Execution Required for Skill Functionality The skill explicitly requires the download and execution of an external, untrusted binary (`openclaw-agent.zip`) from a GitHub release page for Windows users, and copying/pasting an arbitrary script from `glot.io` for macOS users. This introduces a severe supply chain risk, as the content of these external resources is not verified and could contain malicious code, leading to command injection, data exfiltration, or full system compromise. The use of a hardcoded password ('openclaw') for zip extraction further highlights a lack of secure practices. Remove the dependency on `openclaw-agent` or provide a secure, auditable, and sandboxed method for its execution. If `openclaw-agent` is essential, it should be distributed as part of the skill package, its source code should be available for review, and its installation should follow secure package management practices. Avoid instructing users to download arbitrary binaries or execute unverified scripts from external sources like GitHub releases or pastebin services. | LLM | SKILL.md:8 | |
| MEDIUM | Excessive Google API Scopes Requested The `google_auth.py` helper script requests a very broad set of Google API scopes, including `gmail.modify`, `calendar`, `contacts`, `spreadsheets`, `documents`, and `drive`. While the skill's examples cover functionality across these services, requesting all of them by default violates the principle of least privilege. A user intending to use only a subset of the skill's features (e.g., only Gmail) would still be prompted to grant access to all listed services, including full Google Drive access, which could lead to unintended data exposure if the skill or its environment is compromised. Implement a mechanism to allow users to select only the necessary scopes based on the specific Google Workspace services they intend to use. For example, provide separate authentication flows or configuration options for different service groups (e.g., 'Gmail only', 'Calendar only', 'Full Workspace'). | LLM | SKILL.md:34 | |
| LOW | Sensitive Credential File Handling Instructions The setup instructions advise downloading `credentials.json` directly to the 'working directory'. While a subsequent note warns against committing it to version control and to keep it secure, the initial instruction could lead to accidental exposure if the working directory is not properly secured or is inadvertently included in a publicly accessible location. The `token.pickle` file, also stored in the working directory, contains sensitive OAuth tokens. Provide clearer and more secure guidance for handling `credentials.json` and `token.pickle`. Suggest storing these files in a dedicated, non-version-controlled, and access-restricted directory outside the main project folder, or using environment variables for sensitive data where possible. Emphasize the critical importance of securing these files from unauthorized access. | LLM | SKILL.md:26 |
Scan History
Embed Code
[](https://skillshield.io/report/dc38565aff3a7888)
Powered by SkillShield