TangleClaw Google OAuth

Security checks across malware telemetry and agentic risk

Overview

This is a high-privilege Google Workspace integration, but its access, token storage, and tool behavior are coherent with its stated purpose and substantially disclosed.

Install only if you want your agent to access a Google account. Use a dedicated Google account, keep the token and credentials files private, revoke the OAuth grant when no longer needed, and narrow scopes or avoid enabling mutation tools if you only need read-only access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 83%
Finding
The manifest explicitly states that an OAuth refresh token will be written to and read from a local file, but it provides no user-facing warning, protection requirements, or constraints around secure storage. In a plugin that exposes broad Google Workspace capabilities, an unprotected refresh token can enable persistent access to email, files, calendars, and documents if the file is disclosed or permissions are too broad.

Vague Triggers

Medium
Confidence: 72%
Finding
The plugin is enabled by default and activates on startup, which increases exposure before the user explicitly invokes a tool or understands the trust boundary. In the context of a credentialed Google Workspace integration, broad startup activation makes accidental or unintended access paths more plausible and expands the attack surface of a highly privileged plugin.

VirusTotal

62/62 vendors flagged this plugin as clean.
