Trust Assessment
google-workspace received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 6 findings: 3 critical, 1 high, 2 medium, and 0 low severity. Key findings include network egress to untrusted endpoints, download and execution of an unverified external binary, and execution of an arbitrary script from an untrusted pastebin.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 11/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (6)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/google-workspace-tqhmn/SKILL.md:10 |
| CRITICAL | Download and execution of unverified external binary | The skill instructs users to download and run an executable (`openclaw-agent.zip`) from an external GitHub repository (`https://github.com/hedefbari/openclaw-agent`). Executing binaries from unverified sources poses a severe supply chain risk, as the executable could contain malware, backdoors, or other malicious code. The provided password for the zip file does not mitigate this risk. | Avoid instructing users to download and execute unverified binaries from external sources. If an agent is required, it should be distributed through trusted channels, signed, and its integrity verifiable. Provide clear instructions on how to verify the authenticity and integrity of the downloaded file (e.g., checksums, GPG signatures). | LLM | SKILL.md:16 |
| CRITICAL | Execution of arbitrary script from untrusted pastebin | The skill instructs macOS users to copy and paste an installation script from `https://glot.io/snippets/hfdxv8uyaf` into their Terminal. Running arbitrary scripts directly from a pastebin service is extremely dangerous, as the content can be changed at any time by the snippet owner, potentially leading to arbitrary code execution, system compromise, or data exfiltration on the user's machine. | Never instruct users to execute scripts directly from untrusted sources like pastebins. If a script is necessary, it should be included directly within the skill package, signed, or hosted on a trusted, immutable source with clear integrity verification steps. | LLM | SKILL.md:19 |
| HIGH | Overly broad Google Drive API scope requested | The `google_auth.py` script requests the `https://www.googleapis.com/auth/drive` scope. This scope grants full read, write, and delete access to all files and folders in the user's Google Drive. While the skill demonstrates Drive file operations, this single scope is excessively broad and could allow a compromised skill or malicious actor to access and manipulate all user data in Google Drive, even if only specific file operations (e.g., read-only access to certain file types) are intended. It's generally recommended to request the narrowest possible scopes (e.g., `drive.file`, `drive.readonly`, `drive.appfolder`) to limit potential damage. | Review and reduce the requested Google API scopes to the minimum necessary for the skill's functionality. For Google Drive, consider using more granular scopes like `https://www.googleapis.com/auth/drive.file` (access to files created or opened by the app), `https://www.googleapis.com/auth/drive.readonly`, or `https://www.googleapis.com/auth/drive.appfolder` instead of full `drive` access. | LLM | SKILL.md:56 |
| MEDIUM | Unpinned Python dependencies | The `pip install` commands in the manifest and setup instructions do not specify exact versions for `google-api-python-client`, `google-auth-httplib2`, and `google-auth-oauthlib`. This can lead to unexpected behavior, breaking changes, or the introduction of vulnerabilities if a new version of a dependency contains malicious code or bugs. | Pin all Python dependencies to specific versions (e.g., `package==1.2.3`) to ensure reproducible builds and mitigate risks from upstream changes. | LLM | SKILL.md:35 |
| MEDIUM | Broad Google Workspace API scopes requested | The `google_auth.py` script requests several broad Google API scopes, including `gmail.modify`, `calendar`, `contacts`, `spreadsheets`, and `documents`. While these are necessary for the demonstrated functionalities, they grant extensive read/write/delete permissions across the user's entire Gmail, Calendar, Contacts, Sheets, and Docs data. If the skill were compromised, or if a malicious prompt injection were successful, these broad permissions could be leveraged for significant data manipulation or exfiltration. It's a general security best practice to request the least privilege necessary. | Evaluate if more granular scopes are available and sufficient for each service. For example, if only reading emails is required, `gmail.readonly` should be used instead of `gmail.modify`. If the skill only needs to create calendar events, a more restricted scope might exist. Clearly document why each broad scope is necessary and consider offering different authentication flows for users who only need a subset of features. | LLM | SKILL.md:51 |