Gog

The SKILL.md describes a Google Workspace CLI (Gmail, Calendar, Drive, Contacts, Sheets, Docs) and its commands — that purpose aligns with the actions shown. However the registry metadata shown to the platform lists no required binaries or install spec, while the SKILL.md includes metadata that requires the 'gog' binary and even provides a Homebrew formula (steipete/tap/gogcli). This mismatch between declared requirements and the runtime instructions is an inconsistency worth verifying.

The instructions stay on-topic: they show how to perform OAuth setup with a client_secret.json, add an account and run Gmail/Calendar/Drive/Sheets/Docs commands. They require running a local CLI and providing OAuth credentials (sensitive by nature) but do not instruct the agent to read unrelated system files or exfiltrate data to unexpected endpoints.

There is no install spec in the registry listing, yet SKILL.md metadata includes a Homebrew install entry (steipete/tap/gogcli). Installing a third‑party Homebrew tap is moderately risky if you don't trust its source; the registry's omission of the install step is an incoherence that makes it unclear whether the platform will automatically install the binary or expect it preinstalled.

No environment variables or primary credentials are declared in the registry, but the SKILL.md requires OAuth credentials (client_secret.json) and suggests setting GOG_ACCOUNT. Requesting OAuth client secrets and access to Google services is proportionate to a workspace CLI, but these are sensitive and the lack of declared credentials in the registry metadata is an omission to confirm.

The skill does not request always:true and does not declare persistent system-wide changes. It is user-invocable and allows autonomous invocation by default (platform default) — notable but not a standalone red flag in this case.