Google Agents Cli

Advisory

Audited by static analysis on May 12, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the setup could add or change agent behavior through code and skills whose contents were not reviewed here.

Why it was flagged

The primary setup path executes an unpinned external package command and uses it to install additional agent skills that are not present in the reviewed artifact set.

Skill content

Run this once to install the CLI and all 7 specialized skills into the user's coding agent:

    uvx google-agents-cli setup

Recommendation

Verify the package source and version, review what `google-agents-cli setup` installs, and prefer a pinned, documented install path before running it.

Concern

High Confidence

ASI10: Rogue Agents

What this means

After setup, future coding-agent sessions may be influenced by additional installed skills, including one that is always active.

Why it was flagged

The setup creates persistent agent behavior, including an always-active workflow skill, without the reviewed artifact showing the installed skill contents, scope limits, or removal controls.

Skill content

- `google-agents-cli-workflow` — full development lifecycle (always active)

Recommendation

Install only if you are comfortable adding persistent skills to your agent, and confirm how to inspect, disable, or uninstall the added skills.

What this means

Later use of the installed skills could affect cloud projects, production deployments, or enterprise agent registries.

Why it was flagged

The installed toolchain is intended to support cloud deployment and publishing workflows, which may later require Google Cloud or Gemini Enterprise account authority.

Skill content

- `google-agents-cli-deploy` — deploy to Agent Runtime, Cloud Run, or GKE
- `google-agents-cli-publish` — register agents with Gemini Enterprise

Recommendation

Use least-privilege Google credentials and confirm project, region, deployment, and publishing targets before approving those operations.

What this means

A user may place extra trust in the setup command because it appears to be Google-branded.

Why it was flagged

The skill presents itself as Google-authored and official-looking; because the registry source/homepage are not populated in the provided metadata, users should verify provenance before trusting the installer.

Skill content

    metadata:
      author: Google
    ...
    Entrypoint skill for [agents-cli](https://github.com/google/agents-cli) — Google's CLI

Recommendation

Confirm that the package and repository are the intended official Google Agents CLI distribution before running the setup.