Security audit

Google Workspace

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly purpose-aligned, but it handles sensitive Google access through an under-scoped token endpoint and unverified CLI installation steps that users should review before installing.

Install only if you trust MyBrandMetrics and the Google Workspace data sources you connect. Set GWS_TOKEN_URL only to the legitimate MyBrandMetrics token endpoint, protect or avoid the plaintext API-key file, and manually confirm any delete, share, move, or bulk-update action before running it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Tainted flow: 'TOKEN_URL' from os.environ.get (line 8, credential/environment) → requests.post (network output)

Severity: Critical
Category: Data Flow
Content:
    data = {"source_key": source_key}

    try:
        response = requests.post(TOKEN_URL, headers=headers, json=data)
        response.raise_for_status()
        return response.json().get("access" + "_token")
    except Exception as e:
Confidence: 97%
Finding:
response = requests.post(TOKEN_URL, headers=headers, json=data)

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding:
The description prominently includes destructive actions such as updating and deleting Calendar events and deleting Drive files, but it does not warn that the skill can modify or remove user data. In this context, the skill is specifically designed to operate on live Google Workspace resources, so omission of safety messaging increases the risk of accidental destructive use by users or downstream agents.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The setup flow tells users to store an API key in a predictable plaintext file under the home directory, without guidance on file permissions, rotation, or safer secret storage. If the local system is shared, backed up, indexed, or compromised, that credential could be read and then used to obtain managed Google access tokens for connected services.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The script fetches release metadata from GitHub and then downloads and installs an executable archive from the network without any integrity verification, signature checking, or version pinning. This creates a supply-chain risk: if the release source, network path, or repository is compromised, a malicious binary could be installed and later executed by the user.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.