扫描报告
10 /100
gog
Google Workspace CLI for Gmail, Calendar, Drive, Contacts, Sheets, and Docs
This is a pure documentation skill describing CLI usage of the external 'gog' Google Workspace tool. No malicious behavior, no implementation code, and no sensitive operations performed by the skill itself.
可以安装
The skill is safe to use as it only documents CLI commands. However, the external 'gog' CLI tool from a third-party Homebrew tap should be verified independently for security.
安全发现 2 项
| 严重性 | 安全发现 | 位置 |
|---|---|---|
| 低危 | External dependency from third-party tap 供应链 | SKILL.md:1 |
| 低危 | Allowed-tools not explicitly declared 文档欺骗 | SKILL.md:1 |
| 资源类型 | 声明权限 | 推断权限 | 状态 | 证据 |
|---|---|---|---|---|
| 文件系统 | NONE | NONE | — | No filesystem operations described in SKILL.md |
| 网络访问 | NONE | NONE | — | No direct network calls made - relies on external gog CLI |
| 命令执行 | NONE | WRITE | ✓ 一致 | CLI documentation naturally implies shell usage, but skill is documentation-only |
| 环境变量 | NONE | NONE | — | No environment variable access described |
| 凭证 | NONE | NONE | — | OAuth setup documented but credential handling is delegated to gog CLI |
3 项发现
中危 外部 URL 外部 URL
https://gogcli.sh SKILL.md:4 提示 邮箱 邮箱地址
[email protected] SKILL.md:14 提示 邮箱 邮箱地址
[email protected] SKILL.md:19 目录结构
2 文件 · 1.8 KB · 41 行 Markdown 1f · 36L
JSON 1f · 5L
├─
_meta.json
JSON
└─
SKILL.md
Markdown
依赖分析 1 项
| 包名 | 版本 | 来源 | 已知漏洞 | 备注 |
|---|---|---|---|---|
gog-cli | unspecified | brew tap steipete/tap/gogcli | 否 | Third-party Homebrew tap - verify source independently |
安全亮点
✓ No malicious code or scripts present
✓ No credential harvesting or exfiltration
✓ No base64-encoded payloads or obfuscation
✓ No sensitive file/path access
✓ No remote script execution (curl|bash patterns)
✓ No supply chain typosquatting detected
✓ OAuth-based authentication is documented (legitimate pattern)
✓ Skill is documentation-only, delegating actual operations to external CLI