Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs. The skill's instructions look like a legitimate Google Workspace CLI, but the registry metadata and SKILL.md disagree about required binaries/i
Security
Critical
Quality
Good · 70
Install
ready
Audit version
audit-standard-v2
Source metrics come from upstream registries/repositories. Platform metrics come from user actions on SkillTrust and are protected by dedupe/rate-limit anti-abuse rules.
Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs. The skill's instructions look like a legitimate Google Workspace CLI, but the registry metadata and SKILL.md disagree about required binaries/install, and the skill asks you to supply OAuth credentials and run local commands — verify the source before installing or granting account access. This skill appears to be a wrapper for the 'gog' CLI and legitimately needs OAuth credentials and a local binary. Before installing or using it: 1) Verify the upstream project/homepage (https://gogcli.sh) and the Homebrew tap (steipete/tap/gogcli) are trustworthy — inspect the repository and releases; 2) Prefer installing the 'gog' binary yourself and testing it independently rather than letting an automated installer run; 3) Only provide OAuth client_secret.json and authorize scopes from an account you control (prefer a dedicated/test Google account with least privilege); 4) Be aware the SKILL.md and registry metadata disagree about install/requirements — ask the publisher to clarify why the registry shows no install/binaries while SKILL.md references them; 5) If you are uncomfortable, do not grant access to your primary Google account and consider running the CLI locally instead.
• Add explicit When to Use / Guidelines sections.
• Provide at least one concrete input-output example.
• Publish versioned changelog and update cadence.
• Document compatibility and breaking-change policy.
• Expand capability limits and boundary conditions.
Is this a security certification?
No. SkillTrust audit is advisory and should be combined with your own review controls.
Can I install directly from this page?
No one-click install is provided. Use command guidance and run in your controlled environment.
Imported from ClawHub public listing.
brew install steipete/tap/gogcliInstall method: script-backed (brew)
Quick install
Quick preflight
brew --versionwhich brewgo versionInstall paths
review skill metadata before installcheck required credentials in skill docsrequires local binaries: gogshell accessPreflight checks
Brew troubleshooting
Post-install signal
Installed successfully? Send an activation signal to improve ranking quality over time.
Audit score 80 / 100. Risk guidance is advisory only; review evidence before install.
• Add troubleshooting and FAQ for common failures.
• Improve discoverability through verified source channels.
• Publish usage examples to increase activation quality.
• Reduce shell/file/network scope and document least privilege.
• Expose explicit provenance, dependency pinning, and security notes.
• Provide structured install + rollback steps for each supported agent.
• Mark official/verified status and keep metadata timestamps fresh.
Moderately fresh; review release notes before install.
Audit guidance: 80 / 100 · critical
Scores with similar values can still differ in confidence; use evidence and risk lines below for final install judgment.
Risk 80 · Δ +0 · Findings 5
Apr 2, 2026 · auto
Latest critical risk result from audit-standard-v2.