Skillv1.0.3

ClawScan security

gog-restricted · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 9:57 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's stated purpose (a restricted wrapper for the 'gog' CLI) mostly matches its code, but the installer replaces the system 'gog' binary (uses sudo), creating a persistent privileged change and an elevated-risk install step that should be reviewed before running.
Guidance: This skill implements a local, persistent wrapper by moving your installed 'gog' binary and replacing it with a script — the installer uses sudo and will modify system files. If you consider installing: - Review the contents of script/setup.sh carefully (you already have it) and confirm you trust the source. The script here is readable and implements an allowlist, but replacing system binaries is high-risk. - Understand you'll need admin rights to install; prefer testing in a disposable environment (container, VM) first. - Backup the original gog binary before running, and verify the created .gog-real and wrapper are owned and permissioned as you expect. - Confirm whether you need GOG_ACCOUNT and set it deliberately; the skill references it but doesn't declare it in metadata. - If you cannot validate the origin/trust of the package or do not want a persistent change to your PATH, do not run setup.sh — instead run 'gog' directly or use non-invasive controls (wrapping via a shell alias or local wrapper in your user bin) to reduce risk.

Review Dimensions

Purpose & Capability: noteThe name and description claim a restricted Google Workspace wrapper and the files do require a local 'gog' binary — that is coherent. The skill does not request unrelated credentials or services. Minor mismatch: SKILL.md documents a GOG_ACCOUNT environment variable as the default account, but requires.env lists none.
Instruction Scope: concernSKILL.md instructs the user to run script/setup.sh which will move the installed 'gog' binary and replace it with a wrapper. The wrapper enforces an allowlist and checks certain flags. The instructions modify system-level state (the installed gog) and require elevated permissions (sudo) to perform the change. There are no network exfiltration endpoints or hidden remote calls in the script, but the installation step is invasive and persistent.
Install Mechanism: concernThere is no package/install spec, but the provided setup.sh performs an on-disk installation: it mv's the real binary to .gog-real and writes a wrapper to the original path using sudo, then makes it executable. Replacing a system binary from an untrusted skill is high-risk; the script comes from the skill bundle (so auditable), but it still requires administrator privileges and permanently alters the environment.
Credentials: noteThe skill declares no required environment variables (primary credential: none), which matches that the wrapper enforces a local allowlist. However, SKILL.md references GOG_ACCOUNT as the default account; that variable is not declared in requires.env. No other unrelated credential or config access is requested.
Persistence & Privilege: concernThe setup script persistently replaces the installed 'gog' binary and preserves the original as .gog-real. This is a privileged, persistent change (uses sudo). The skill itself is not marked always:true, but the install step still grants the skill ongoing control over a commonly-invoked CLI by intercepting all 'gog' calls.