coinvest518

Secure Gmail

cross-platform ⚠ suspicious
Downloads: 407
Stars: 0
Active Installs: 0
Versions: 1
Install in OpenClaw
/install secure-gmail
Description
Secure Gmail skill using Composio brokered OAuth — no raw tokens stored locally. Reads, searches, and drafts emails with least-privilege enforcement. Blocks...
Usage Guidance
Do not install or run this skill until the contradictions are resolved. Specific actions to request from the author or check yourself:
  - Ask the author to remove GMAIL_SEND_EMAIL from the session create() enable list in agent.py if send capability is truly disallowed. The current code enables send despite documentation saying send is blocked.
  - Ask for a clear statement of which Composio tool slugs are actually allowed on the Composio dashboard (and confirm the dashboard policy blocks GMAIL_SEND_EMAIL). Documentation alone is not sufficient; confirm the brokered-policy configuration.
  - Ensure registry metadata matches SKILL.md: COMPOSIO_API_KEY should be declared as a required env var in the skill manifest/registry.
  - Consider avoiding storing COMPOSIO_API_KEY in a local .env; if you must, ensure file permissions are restrictive and the key has least privilege. Prefer a secrets manager if available.
  - Request an update to GMAIL_TOOL_SLUGS.md to remove or clearly mark high-privilege slugs that this skill will not request, so reviewers can't be misled.
  - For extra caution, run the skill in a restricted environment and monitor Composio logs (as SKILL.md suggests) to verify that no send/delete actions are issued.
If the author cannot satisfactorily explain and fix the send-slug discrepancy and the metadata mismatch, treat the skill as untrusted.
Capability Analysis
Type: OpenClaw Skill
Name: secure-gmail
Version: 0.1.0
The skill is classified as suspicious due to a critical discrepancy between its advertised security posture and its actual code implementation. While the `SKILL.md` and `README.md` documentation explicitly state that the skill is 'read-only + draft' and that 'GMAIL_SEND_EMAIL' is blocked at the Composio API gateway, the `agent.py` code explicitly enables the `GMAIL_SEND_EMAIL` capability when creating the Composio session. This creates a severe vulnerability: if the Composio gateway's blocking mechanism fails or is overridden by the `enable` list, the skill could be coerced into sending emails, directly contradicting its stated purpose and security claims. This is a risky capability enabled in `agent.py` that directly undermines the security assurances provided in `SKILL.md` and `README.md`.
Capability Assessment
Purpose & Capability
SKILL.md and README state the skill is read-only + draft-only and explicitly say send/delete are blocked at the Composio gateway. However, agent.py creates a session that enables the GMAIL_SEND_EMAIL tool slug in its allowed list, directly contradicting the stated least-privilege purpose. Additionally, the top-level registry metadata reported no required env vars, but SKILL.md and README both require COMPOSIO_API_KEY. These mismatches are not proportionate to the stated purpose and could allow sending if the Composio configuration differs from the documentation.
Instruction Scope
SKILL.md instructs running agent.py with a .env containing COMPOSIO_API_KEY and shows exact CLI commands; that scope is reasonable. But the instructions repeatedly assert that blocked actions are enforced at the gateway, while the code includes the send slug and GMAIL_TOOL_SLUGS.md enumerates many high-privilege slugs. The instructions therefore grant the agent discretion that the code contradicts, creating scope creep/risk if Composio permissions are misconfigured.
Install Mechanism
No install spec — instruction-only with a small Python helper file. No remote downloads or extract steps. Risk from installation mechanism is low.
Credentials
The skill requires a COMPOSIO_API_KEY (declared in SKILL.md and README), which is proportionate for a brokered API. However, the registry-level metadata omitted this requirement, which is inconsistent with the documentation. SKILL.md recommends storing the key in ~/clawd/skills/secure-gmail/.env; storing API keys in a local .env is common but increases attack surface if the key is overly permissive or file permissions are lax. Consider using a secrets manager or ensuring minimal scope for the API key.
Persistence & Privilege
always:false and no requested system config paths or global modifications. The skill does not request permanent presence or elevated platform privileges.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install secure-gmail
  3. After installation, invoke the skill by name or use /secure-gmail
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v0.1.0
Initial release providing secure, read-only Gmail integration via Composio.
  - Read, search, and draft emails in Gmail while enforcing least-privilege access.
  - All API calls brokered through Composio; OAuth tokens are never exposed to the agent or local filesystem.
  - Sending and deleting emails are strictly blocked at the API gateway level.
  - Requires COMPOSIO_API_KEY and a connected Gmail account via app.composio.dev.
  - Designed for inbox checking, searching, summarizing, and safe draft creation only.
Metadata
Slug secure-gmail
Version 0.1.0
License
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is Secure Gmail?

Secure Gmail skill using Composio brokered OAuth — no raw tokens stored locally. Reads, searches, and drafts emails with least-privilege enforcement. Blocks... It is an AI Agent Skill for Claude Code / OpenClaw, with 407 downloads so far.

How do I install Secure Gmail?

Run "/install secure-gmail" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Secure Gmail free?

Yes, Secure Gmail is completely free (open-source). You can download, install and use it at no cost.

Which platforms does Secure Gmail support?

Secure Gmail is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Secure Gmail?

It is built and maintained by CoinVest AI Innovations (@coinvest518); the current version is v0.1.0.
