Jules API
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: jules-api Version: 1.0.0 The OpenClaw AgentSkills skill bundle for the Google Jules API is benign. It provides a legitimate interface to the Jules REST API, allowing users to manage coding sessions. All network requests are directed to the official `jules.googleapis.com` endpoint, and the `JULES_API_KEY` is handled appropriately as an authentication header. The `SKILL.md` documentation and the `scripts/jules.sh` helper script contain no evidence of data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts against the OpenClaw agent. User inputs for JSON payloads are properly escaped using `jq -Rs .` in `jules.sh`, mitigating potential injection risks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or overbroad task could cause Jules to make repository changes or create pull requests before the user has reviewed a plan.
The script defaults new coding sessions to no plan approval and supports automatic PR creation, giving the agent a high-impact action path on connected GitHub repositories unless the user deliberately opts into approval.
echo " --approve: require plan approval (default: auto-approve)" ... REQUIRE_APPROVAL="false" ... --auto-pr) AUTOMATION_MODE="AUTO_CREATE_PR"
Default to requiring plan approval, use --auto-pr only after explicit user confirmation, and restrict invocations to a specific repository, branch, and task description chosen by the user.
Anyone or any agent with access to this API key could interact with the user’s Jules sessions and connected repositories within the key’s permissions.
The skill clearly uses a Jules API key and that key enables actions tied to the user’s Jules account and connected GitHub repositories. This is expected for the stated purpose, but it is sensitive account authority.
**Auth:** Pass your API key via the `x-goog-api-key` header. ... Jules can autonomously execute coding tasks on your GitHub repositories
Use a dedicated Jules API key if possible, keep it out of logs and shared prompts, and revoke or rotate it if the skill is no longer needed.
A Jules session may keep working remotely until completion, failure, deletion, or user intervention.
The skill intentionally launches work performed by an external autonomous coding agent. This is disclosed and purpose-aligned, but remote sessions may continue after the local command returns.
Jules can autonomously execute coding tasks on your GitHub repositories — writing code, fixing bugs, adding tests, and creating pull requests.
Monitor sessions after creation, require plan approval for non-trivial tasks, and delete or pause sessions that are no longer wanted.