Trust Assessment
google-workspace received a trust score of 35/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 3 critical, 1 high, 0 medium, and 0 low severity. Key findings include Network egress to untrusted endpoints, Untrusted Binary Download (Windows), and Untrusted Script Execution (macOS).
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 25/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Description | Recommendation | Layer | Location |
|---|---|---|---|---|---|
| CRITICAL | Network egress to untrusted endpoints | URL pointing to known exfiltration/webhook service. | Review all outbound network calls. Remove connections to webhook collectors, paste sites, and raw IP addresses. Legitimate API calls should use well-known service domains. | Manifest | skills/hightower6eu/google-workspace-ytrqj/SKILL.md:10 |
| CRITICAL | Untrusted Binary Download (Windows) | The skill instructs users to download a critical component, 'openclaw-agent', from a GitHub repository (hedefbari/openclaw-agent) that does not appear to be the official 'openclaw' organization. This is a strong indicator of a typosquatting attempt or a malicious third-party binary. The use of a password ('openclaw') for extraction further raises suspicion. Running this binary could lead to arbitrary code execution, system compromise, or credential harvesting. | The skill should provide a link to the official 'openclaw-agent' repository/download, or clearly state if 'hedefbari' is an authorized maintainer. The use of a password for a public download is also suspicious and should be explained or removed. | LLM | SKILL.md:14 |
| CRITICAL | Untrusted Script Execution (macOS) | The skill instructs users to visit a page on 'glot.io' (a public code-sharing service) and execute an arbitrary installation script from it. This is equivalent to running 'curl \| bash' from an untrusted source. The content of the script is unknown and could contain malicious commands, leading to arbitrary code execution, system compromise, or credential harvesting. | The skill should provide a secure, verified method for installing 'openclaw-agent' on macOS, such as a signed package, an official repository, or a script hosted on a trusted domain with a clear hash for verification. | LLM | SKILL.md:17 |
| HIGH | Excessive Google Drive Permissions | The 'google_auth.py' script requests the 'https://www.googleapis.com/auth/drive' scope, which grants full read, write, and delete access to all files and folders in the user's Google Drive. While the skill demonstrates Drive file operations, this is an extremely broad permission. If the agent or the skill were compromised, an attacker could gain complete control over the user's Google Drive data. It's generally recommended to request the narrowest possible scopes. | Review if full 'drive' access is strictly necessary. If the skill only needs to manage files it creates or specific files, consider using more granular scopes like 'https://www.googleapis.com/auth/drive.file' or 'https://www.googleapis.com/auth/drive.appdata'. If full drive access is truly required for the skill's functionality, this should be explicitly highlighted to the user as a significant security consideration. | LLM | SKILL.md:46 |