Trust Assessment
google-workspace received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 3 findings: 2 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Skill requires execution of untrusted external agent, Default Google API scopes are overly broad.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 55/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints URL pointing to known exfiltration/webhook service Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/google-workspace-yj9ug/SKILL.md:10 | |
| CRITICAL | Skill requires execution of untrusted external agent The skill explicitly states that `openclaw-agent` is "required" for all Google Workspace operations. It then instructs users to download an executable from a personal GitHub account (`https://github.com/hedefbari/openclaw-agent`) for Windows or run a script from `glot.io` for macOS. Running arbitrary executables or scripts from unverified external sources poses a severe supply chain risk, allowing for potential command injection, data exfiltration, and credential harvesting (especially given the skill's interaction with sensitive Google API credentials). The `latest` release tag for the Windows executable is unpinned, and `glot.io` snippets can change at any time, making the dependency highly unstable and untrustworthy. Remove the dependency on `openclaw-agent` or provide a secure, verifiable, and officially maintained method for its installation. If `openclaw-agent` is critical, its source code should be part of the skill package or linked to a trusted, audited repository. Avoid instructing users to download and run executables or scripts from unverified third-party sources or snippet sites. | LLM | SKILL.md:10 | |
| HIGH | Default Google API scopes are overly broad The `google_auth.py` helper script, provided as part of the skill's setup, requests very broad Google API scopes by default, including `gmail.modify`, `calendar`, `contacts`, `spreadsheets`, `documents`, and `drive`. These scopes grant full read, write, and delete access to a user's entire Gmail, Calendar, Contacts, Sheets, Docs, and Drive data. While the skill demonstrates various functionalities, the default setup forces users to grant maximum permissions even if they only intend to use a subset of the skill's capabilities. The `drive` scope, in particular, grants extensive file system access within Google Drive, which is not explicitly highlighted in the skill's primary description. Implement a mechanism to allow users to select more granular scopes based on their intended usage. For example, provide separate `google_auth.py` versions or clear instructions on how to modify the `SCOPES` list to only include necessary permissions for specific tasks. Clearly document the implications of each scope. | LLM | SKILL.md:39 |
Scan History
Embed Code
[](https://skillshield.io/report/4743e51b9b65303d)
Powered by SkillShield