Security Scan
OpenClaw
Safe
high confidence
Assessment and recommendations
This skill is coherent, but it requires trust in the external Clawback service because the CLI's device-flow authentication gives that service access to your Gmail data (and it enforces policies and logs audits). Before installing: (1) verify you obtain the 'clawback' binary only from the official repo/releases (https://github.com/honeybadge-labs/clawback or https://clawback.sh), (2) inspect the OAuth scopes the CLI requests during auth so you understand what the proxy can read/send, (3) confirm...
✓ Purpose and capabilities
Name/description (Gmail security proxy with approvals/audit) match the declared requirement of a 'clawback' binary and the SKILL.md commands that use that binary. There are no unrelated env vars, binaries, or install steps requested.
ℹ Instruction scope
SKILL.md instructs the agent to run the 'clawback' CLI, handle specific exit codes, and poll approvals in the background; these instructions are within the claimed scope but imply the agent will hold and poll approval IDs and should not surface CLI plumbing to users. This is a trust decision (the proxy/service will see mailbox data during normal operation).
✓ Install mechanism
No install spec is included (instruction-only), and SKILL.md points to upstream GitHub releases for the binary. No downloads or extract steps are embedded in the skill itself.
✓ Credential requirements
The skill declares no required env vars or credentials. SKILL.md mentions optional CB_SERVER and connection ids; this is proportional. Note: real Gmail access is obtained via the clawback CLI's auth flow, so the external Clawback service will receive OAuth scopes — the user should review what scopes/permissions that service requests.
✓ Persistence and privileges
always is false and the skill is user-invocable. It does request the agent perform background polling of approvals, but it does not demand permanent/all-agent presence or modify other skills' configs.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Version
latest v0.2.0 2026/2/25
● Suspicious
Install command
Official: npx clawhub@latest install clawback-sh
Mirror: npx clawhub@latest install clawback-sh --registry https://cn.longxiaskill.com