gws

SUSPICIOUS. The functional scope matches a Google Workspace skill, and the OAuth/data flows look proportionate, but the install instructions are internally inconsistent with the apparent upstream project and publisher identity. That provenance mismatch materially raises supply-chain risk even without clear evidence of malicious behavior.