← 返回 Skills 市场
Secure Gmail
作者
CoinVest AI Innovations
· GitHub ↗
· v0.1.0
407
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install secure-gmail
功能描述
Secure Gmail skill using Composio brokered OAuth — no raw tokens stored locally. Reads, searches, and drafts emails with least-privilege enforcement. Blocks...
安全使用建议
Do not install or run this skill until the contradictions are resolved. Specific actions to request from the author or check yourself:
- Ask the author to remove GMAIL_SEND_EMAIL from the session create() enable list in agent.py if send capability is truly disallowed. The current code enables send despite documentation saying send is blocked.
- Ask for a clear statement of which Composio tool slugs are actually allowed on the Composio dashboard (and confirm the dashboard policy blocks GMAIL_SEND_EMAIL). Documentation alone is not sufficient; confirm the brokered-policy configuration.
- Ensure registry metadata matches SKILL.md: COMPOSIO_API_KEY should be declared as a required env var in the skill manifest/registry.
- Consider avoiding storing COMPOSIO_API_KEY in a local .env; if you must, ensure file permissions are restrictive and the key has least privilege. Prefer a secrets manager if available.
- Request an update to GMAIL_TOOL_SLUGS.md to remove or clearly mark high-privilege slugs that this skill will not request, so reviewers can't be misled.
- For extra caution, run the skill in a restricted environment and monitor Composio logs (as SKILL.md suggests) to verify that no send/delete actions are issued.
If the author cannot satisfactorily explain and fix the send-slug discrepancy and the metadata mismatch, treat the skill as untrusted.
功能分析
Type: OpenClaw Skill
Name: secure-gmail
Version: 0.1.0
The skill is classified as suspicious due to a critical discrepancy between its advertised security posture and its actual code implementation. While the `SKILL.md` and `README.md` documentation explicitly state that the skill is 'read-only + draft' and that 'GMAIL_SEND_EMAIL' is blocked at the Composio API gateway, the `agent.py` code explicitly enables the `GMAIL_SEND_EMAIL` capability when creating the Composio session. This creates a severe vulnerability: if the Composio gateway's blocking mechanism fails or is overridden by the `enable` list, the skill could be coerced into sending emails, directly contradicting its stated purpose and security claims. This is a risky capability enabled in `agent.py` that directly undermines the security assurances provided in `SKILL.md` and `README.md`.
能力评估
Purpose & Capability
SKILL.md and README state the skill is read-only + draft-only and explicitly say send/delete are blocked at the Composio gateway. However agent.py creates a session that enables the GMAIL_SEND_EMAIL tool slug in its allowed list, directly contradicting the stated least-privilege purpose. Additionally, registry metadata at top-level reported no required env vars but SKILL.md and README both require COMPOSIO_API_KEY. These mismatches are not proportionate to the stated purpose and could allow sending if Composio configuration differs from the documentation.
Instruction Scope
SKILL.md instructs running agent.py with a .env containing COMPOSIO_API_KEY and shows exact CLI commands; that scope is reasonable. But the instructions repeatedly assert that blocked actions are enforced at gateway, while the code includes the send slug and the GMAIL_TOOL_SLUGS.md enumerates many high-privilege slugs. The instructions therefore grant the agent discretion that the code contradicts, creating scope creep/risk if Composio permissions are misconfigured.
Install Mechanism
No install spec — instruction-only with a small Python helper file. No remote downloads or extract steps. Risk from installation mechanism is low.
Credentials
The skill requires a COMPOSIO_API_KEY (declared in SKILL.md and README) which is proportionate for a brokered API. However, the registry-level metadata omitted this requirement (incoherent). The SKILL.md recommends storing the key in ~/clawd/skills/secure-gmail/.env; storing API keys in a local .env is common but increases attack surface if the key is overly permissive or file permissions are lax — consider using a secrets manager or ensuring minimal scope for the API key.
Persistence & Privilege
always:false and no requested system config paths or global modifications. The skill does not request permanent presence or elevated platform privileges.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install secure-gmail - 安装完成后,直接呼叫该 Skill 的名称或使用
/secure-gmail触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.0
Initial release providing secure, read-only Gmail integration via Composio.
- Read, search, and draft emails in Gmail while enforcing least-privilege access.
- All API calls brokered through Composio; OAuth tokens are never exposed to the agent or local filesystem.
- Sending and deleting emails are strictly blocked at the API gateway level.
- Requires COMPOSIO_API_KEY and a connected Gmail account via app.composio.dev.
- Designed for inbox checking, searching, summarizing, and safe draft creation only.
元数据
常见问题
Secure Gmail 是什么?
Secure Gmail skill using Composio brokered OAuth — no raw tokens stored locally. Reads, searches, and drafts emails with least-privilege enforcement. Blocks... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 407 次。
如何安装 Secure Gmail?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install secure-gmail」即可一键安装,无需额外配置。
Secure Gmail 是免费的吗?
是的,Secure Gmail 完全免费(开源免费),可自由下载、安装和使用。
Secure Gmail 支持哪些平台?
Secure Gmail 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Secure Gmail?
由 CoinVest AI Innovations(@coinvest518)开发并维护,当前版本 v0.1.0。
推荐 Skills