by 安全扫描
OpenClaw
安全
medium confidence该技能的说明和要求仅聚焦于通过“gog”CLI 创建 Gmail 草稿,内部一致,但依赖来源不明的外部二进制文件,使用前请验证该二进制文件。
评估建议
This skill is narrowly focused and appears coherent, but it depends entirely on an external 'gog' CLI of unknown origin. Before installing or enabling it: 1) Verify what 'gog' is (project homepage, publisher) and install it from a trusted source; 2) Confirm the 'gog' binary is already authenticated to the correct Gmail account and review what credentials/config it stores; 3) Test the skill in a safe/sandboxed environment to confirm it only creates drafts and returns draftId; 4) If you do not wan...详细分析 ▾
✓ 用途与能力
The name/description (initialize a Gmail draft with recipients) matches the single required binary ('gog') and the single command the SKILL.md instructs the agent to run. Asking for the gog CLI is proportionate to the described task.
✓ 指令范围
SKILL.md is narrowly scoped: it tells the agent to run a single CLI command, check the JSON response for a draftId, and retry up to 3 times on failure. It does not instruct reading unrelated files, scanning environment variables, or transmitting data to unknown endpoints.
✓ 安装机制
There is no install spec and no code files — this is instruction-only. That is the lowest-risk install model. The skill assumes the 'gog' binary is already present on PATH.
ℹ 凭证需求
The skill declares no env vars or credentials, which is reasonable if the 'gog' CLI is already authenticated in the environment. However, because it relies on an external binary, that binary (and its configuration/storage of credentials) is the implicit credential surface — the skill itself does not request unrelated secrets.
✓ 持久化与权限
always is false, the skill is user-invocable, and it does not request system-wide persistence or modify other skills' configs. Autonomous model invocation is allowed by default but not excessive here given the narrow scope.
安全有层次,运行前请审查代码。
运行时依赖
无特殊依赖
安装命令
点击复制官方npx clawhub@latest install gmail-draft-initialize
镜像加速npx clawhub@latest install gmail-draft-initialize --registry https://cn.longxiaskill.com镜像同步中
技能文档
精益理念(原则) Kaizen(改善):此技能为原子节点,仅用于初始化含收件人的草稿,禁止复杂多字段字符串构造。
Standardized Work(標準作業):该节点代表自动化前完成此任务最高效、标准化的路径。
Jidoka(自働化):该节点含自主缺陷检测,依赖 CLI 的自修复循环;若初始化失败则报错。
Gmail Draft Initialize 本技能让代理在 Gmail 新建空草稿并指定收件人,不设置主题或正文(需用专用更新技能)。
认知指令 WHEN [需要新建邮件草稿] THEN [执行原生终端命令 gog gmail drafts create --to "..." --json]
Schema 示例 { "command": "gog gmail drafts create --to \"example@gmail.com\" --json" }
Jidoka 验证循环 尝试:执行命令。 评估:检查 JSON 响应确认返回 draft ID。 纠正/失败:若失败或参数幻觉,按 exact error 重试最多 3 次(max_retries=3)。 继续:返回最终 draft ID 供后续更新。
预期输出 JSON 对象确认草稿已创建并返回 draftId。