add-gmail-tool

Pass

Audited by Gen Agent Trust Hub on Apr 26, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill installs the third-party npm packages @gongrzhe/server-gmail-autoauth-mcp@1.1.11 and zod-to-json-schema@3.22.5 into the agent's Docker environment.
      • Evidence: Phase 2 instructions modify the Dockerfile to include pnpm install -g for these packages.
  • [COMMAND_EXECUTION]: The skill requires several shell commands to be executed on the host system to set up directories, write configuration stubs, and restart services.
      • Evidence: Commands include mkdir -p ~/.gmail-mcp, cat > ~/.gmail-mcp/..., and systemctl --user restart nanoclaw.
  • [INDIRECT_PROMPT_INJECTION]: The skill enables the agent to read and process external data from Gmail, which creates a surface for indirect prompt injection attacks in which malicious emails could influence agent behavior.
      • Ingestion points: Gmail inbox via the search_emails and read_email tools.
      • Boundary markers: None specified in the tool implementation instructions.
      • Capability inventory: High-privilege actions including send_email, delete_email, modify_email, and create_filter.
      • Sanitization: No explicit sanitization or filtering of email content is mentioned before it is processed by the agent.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 26, 2026, 09:50 PM