Daily morning rollup of important emails and calendar events at 8am with AI-generated summaries
Security Analysis
Confidence: high. The skill does what it claims at a high level (reads Gmail/calendar, summarizes with Gemini), but it omits or misdeclares important credentials/behavior and handles sensitive email bodies in ways that could leak data or surprise users.
Name/description match the script: it queries Gmail and Google Calendar via the gog CLI and summarizes with gemini. However, the SKILL metadata and registry declare no required env/credentials even though the SKILL.md and rollup.sh require a configured Google account (GOG_ACCOUNT) and authenticated gog/gemini CLIs. The SKILL.md states summaries are "delivered to Telegram" but rollup.sh only prints output and writes a local log — there is no Telegram bot token or send-to-Telegram code in the script. That delivery claim is inconsistent with the code.
Runtime instructions and the script explicitly read full email bodies and pass them to the gemini CLI as part of a command-line prompt. Passing sensitive text on the command line can expose it to other local users via process listings; the script also writes summaries (sensitive content) to a local log file under $HOME/clawd. The SKILL.md tells the agent to set GOG_ACCOUNT but does not document other required authentication (gog/gemini auth). The instructions give broad discretion to edit search criteria and to 'read or search specific emails', which could escalate data access without additional checks.
No install spec (instruction-only + a shell script) — low install risk. But the skill depends on external, networked CLIs (gog and gemini). Those CLIs are not installed by the skill and must be trusted by the user; their installation/authentication is out-of-band and not documented in the registry metadata.
The registry declares no required env vars or primary credential, but SKILL.md and rollup.sh require GOG_ACCOUNT and implicitly require gog/gemini authentication (tokens/credentials). The script also depends indirectly on CLAWDBOT_WORKSPACE/CLAWDBOT behavior. Sensitive data (email bodies and AI summaries) are written to a local log file. The undeclared credentials, together with the reliance on CLI tools that likely hold API keys or refresh tokens, give the skill access that is disproportionate to what the registry declares and is under-documented.
The skill does not request always:true and doesn't alter other skills. It writes logs to $HOME/clawd and creates temporary files; this persistence of email summaries is expected for a rollup but is security-sensitive and should be noted by users. Cron instructions show using an isolated session, which is good practice.
Guidance
Before installing: be aware this script fetches full email bodies and passes them to the gemini CLI as part of a command-line argument (not stdin), which can expose content to other local users via process listings and will send your email text to whatever backend the gemini CLI uses. The skill omits declaring required credentials: you must have gog authenticated to access Gmail/Calendar and gemini authenticated to use the model; those tokens/credentials are not listed in the registry. The SKILL.md claims delivery to Telegram but the script only prints output and logs it locally — verify how the rollup will actually be delivered (your platform's cron wrapper may be forwarding stdout). If you proceed, consider: (1) verifying and trusting the installed gog/gemini CLIs and their backends, (2) modifying the script to avoid passing email bodies on the command line (use stdin or an authenticated API), (3) securing or rotating access tokens and protecting the log file (it stores summaries), and (4) ensuring you are comfortable with where cron output goes and whether any Telegram/bot tokens are required. If you want, ask the author to explicitly declare required env vars/credentials and to change the summarization to a safer input method that doesn't expose email contents in process arguments.
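The command-line exposure called out in the analysis above and in point (2) of this guidance, shown as an added example that is not the skill's own rollup.sh: the summarization step rewritten so the email body travels over stdin rather than argv, the log file created owner-readable only, and the loop's input kept on a separate file descriptor. Assumptions: SUMMARIZER_CMD names the summarizer CLI (the page names gemini; its flags are not shown here), and each email body has already been fetched into its own file, with the file paths listed one per line.

```shell
# Added example (not the skill's rollup.sh). Assumes SUMMARIZER_CMD is the
# summarizer CLI (default "gemini") and that email bodies are one file each,
# listed one path per line.
set -eu

SUMMARIZER_CMD="${SUMMARIZER_CMD:-gemini}"
LOG_FILE="${LOG_FILE:-${HOME:-.}/clawd/rollup.log}"

# Pattern the analysis objects to: the body is interpolated into argv, where
# any local user can read it with `ps` while the summarizer runs.
summarize_argv() {
  "$SUMMARIZER_CMD" "Summarize this email: $(cat "$1")"
}

# Hardened pattern: prompt and body travel over stdin; argv holds only the
# command name, so a process listing reveals nothing about the mail.
summarize_stdin() {
  { printf 'Summarize this email:\n'; cat "$1"; } | "$SUMMARIZER_CMD"
}

# The log stores email summaries (the page notes it lives under $HOME/clawd),
# so create it readable only by the owner.
init_log() {
  umask 077
  mkdir -p "$(dirname "$LOG_FILE")"
  : >> "$LOG_FILE"
  chmod 600 "$LOG_FILE"
}

# Summarize every body file listed in $1 and print how many were processed.
# The loop reads its list on fd 3 rather than stdin, so any child in the loop
# body that reads stdin (a summarizer, an interactive auth prompt) cannot
# swallow the remaining entries, which is the "stdin consumption bug" the
# v2.1.0 release note describes.
process_bodies() {
  count=0
  while IFS= read -r body_file <&3; do
    [ -n "$body_file" ] || continue
    summarize_stdin "$body_file" >> "$LOG_FILE"
    count=$((count + 1))
  done 3< "$1"
  echo "$count"
}
```

Run with `SUMMARIZER_CMD=cat` against a couple of constructed body files to see that the log receives every entry and that no body text appears in any argument list.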
Latest Release
v2.1.0
Fix: Fixed the gemini CLI stdin consumption bug that prevented processing all emails. Now processes all emails correctly. Also fixed subject line quote stripping and event counter syntax errors.
Published by @am-will on ClawHub