ClawHub

Firestore

v1.0.4

Manage Google Cloud Firestore databases using the Firestore REST API via curl commands. Authenticate using gcloud CLI tokens to perform CRUD operations on do...

0· 263·1 current·1 all-time
byFelipe Oliveira@felipe0liveira
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Firestore via REST) align with required binaries (curl, gcloud) and the instructions. gcloud is required to obtain OAuth tokens — this is expected for the described functionality.
Instruction Scope
SKILL.md instructs the agent to run only gcloud commands to display context and generate short-lived access tokens, then construct curl requests to the Firestore REST API and always present the full command for user approval before executing. It does not request unrelated files, credentials, or network endpoints.
Install Mechanism
Instruction-only skill with no install script or downloaded code. The included manual install guidance points to the official Google Cloud SDK docs — appropriate and low risk.
Credentials
No environment variables or external credentials are declared; the skill relies on gcloud CLI token generation (short-lived tokens inheriting the active account's permissions). That is proportional to the purpose, and the docs explicitly recommend using a least-privilege service account.
Persistence & Privilege
always is false, user-invocable is true, and disable-model-invocation is true (the skill does not execute autonomously). The skill does not request persistent system changes or modify other skills. This is appropriate for its function.
Assessment
This skill appears coherent and low-risk in structure, but it operates with whatever permissions the active gcloud account has. Before using it: (1) ensure the active identity is a dedicated, least-privilege service account and confirm the active project via `gcloud config list`; (2) always review the full curl command the skill presents and only approve actions you expect (read operations can still expose sensitive data); (3) avoid using personal or owner/admin credentials; (4) test in a non-production project first; and (5) revoke tokens and audit Cloud Audit Logs if anything unusual occurs.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a4wm3mdmgpk3bq8ej4fy29n82c2nr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔥 Clawdis
Binscurl, gcloud

Comments