Skill v1.0.0
ClawScan security
Google SEO GEO Auto Index · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious (Mar 3, 2026, 9:17 AM)
- Verdict
- suspicious
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill mostly does what it says (submits sitemap URLs to Google's Indexing API) but the package metadata, instructions, and included script are inconsistent about required credentials, and the skill requires a sensitive Google service-account JSON file and will fetch arbitrary sitemap URLs (including any internal/redirected addresses).
- Guidance
- This skill appears to implement exactly what it claims (submitting sitemap URLs to Google's Indexing API), but there are several things to consider before installing:
  1. Metadata mismatch: The registry metadata says no credentials are needed, but the SKILL.md and the script require a Google service-account JSON key (GOOGLE_INDEX_SA_KEY or --sa-key). Treat that as an authoring error and verify the skill's requirements before proceeding.
  2. Sensitive key handling: You must provide a Google service-account JSON file. Only supply a key for a service account scoped down to the Indexing API and nothing else; do not reuse a key from a project-owner or other high-privilege service account. Prefer a dedicated service account with no project roles beyond what the Indexing API needs, added only by its email as an Owner in Search Console as documented. Rotate or revoke the key after use.
  3. Network behavior: The tool fetches whatever sitemap URL you provide and follows redirects. If it runs on a machine with access to internal networks, a malicious or misconfigured sitemap URL (or a redirect from one) can cause requests to internal hosts. Run it in an environment you control, or inspect the sitemap contents before running.
  4. Review and isolation: The included script is short and readable; you (or a trusted admin) should review it. It only talks to indexing.googleapis.com and to the provided sitemap URLs. If you proceed, run it in an isolated environment (container or dedicated machine) and ensure the Python dependencies installed by uv come from trusted registries.
  5. Ask the publisher to fix the metadata: Request that the skill owner update the registry metadata to declare the required env var (GOOGLE_INDEX_SA_KEY) and document the exact permissions the service account needs.
  If these precautions are acceptable, the skill's behavior is coherent with its purpose. If you cannot safely supply a minimal service-account key or cannot run it in an isolated environment, do not install or run it.
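A pre-flight vetting script covering points 3 and 4 above, written for this review as an added example; it is not the skill's own script and it does not call the Indexing API. It fetches the sitemap with automatic redirects disabled, re-checks the target of every redirect hop, refuses any URL whose host is an IP literal or resolves to a non-public address (RFC 1918, loopback, link-local including the cloud metadata range, CGNAT, documentation nets), and parses the sitemap so the operator can see every listed URL and its verdict before running the real tool. The sample sitemap and the DNS answers in SAMPLE_DNS are constructed for offline use; the hostnames and addresses in them are assumptions, not real records.

```python
"""Pre-flight vetting of a sitemap URL before handing it to an indexing tool.

Added example for this review, not the skill's own script.
"""
import ipaddress
import socket
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from typing import Callable
from urllib.parse import urljoin, urlparse

SITEMAP_NS = "{http://www.sitemaps.org/schemas/sitemap/0.9}"
MAX_HOPS = 5
Resolver = Callable[[str], list[str]]
Fetcher = Callable[[str], tuple[int, dict, str]]


def default_resolver(host: str) -> list[str]:
    """All A/AAAA answers for host; every one of them must pass the check."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_public_address(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    # is_global already excludes RFC 1918, loopback, link-local (169.254/16,
    # where cloud metadata services live), CGNAT and the documentation nets.
    return addr.is_global and not addr.is_multicast


def check_url(url: str, resolver: Resolver = default_resolver) -> tuple[bool, str]:
    """Return (allowed, reason); reject anything that could reach a non-public host."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "URL has no host"
    if parts.username or parts.password:
        return False, "credentials embedded in URL"
    try:
        ips = [str(ipaddress.ip_address(host))]  # literal IP: no DNS lookup needed
    except ValueError:
        try:
            ips = resolver(host)
        except OSError as exc:
            return False, f"cannot resolve {host}: {exc}"
    if not ips:
        return False, f"{host} has no addresses"
    bad = [ip for ip in ips if not is_public_address(ip)]
    if bad:
        return False, f"{host} resolves to non-public address(es) {bad}"
    return True, f"{host} -> {ips}"


def urllib_fetch(url: str) -> tuple[int, dict, str]:
    """One request with redirects disabled, so the caller vets each hop itself."""
    class NoRedirect(urllib.request.HTTPRedirectHandler):
        def redirect_request(self, *args, **kwargs):
            return None
    opener = urllib.request.build_opener(NoRedirect)
    try:
        with opener.open(url, timeout=10) as resp:
            return resp.status, dict(resp.headers), resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:  # 3xx land here because redirects are off
        return err.code, dict(err.headers), ""


def fetch_checked(url: str, fetch: Fetcher = urllib_fetch,
                  resolver: Resolver = default_resolver) -> tuple[str, str]:
    """Follow up to MAX_HOPS redirects, re-checking the target of every hop."""
    for _ in range(MAX_HOPS + 1):
        ok, reason = check_url(url, resolver)
        if not ok:
            raise ValueError(f"refusing {url}: {reason}")
        status, headers, body = fetch(url)
        if status in (301, 302, 303, 307, 308):
            location = next((v for k, v in headers.items() if k.lower() == "location"), None)
            if not location:
                raise ValueError(f"{url}: redirect without Location")
            url = urljoin(url, location)  # Location may be relative
            continue
        if status != 200:
            raise ValueError(f"{url}: HTTP {status}")
        return url, body
    raise ValueError(f"more than {MAX_HOPS} redirects from the sitemap URL")


def parse_sitemap_locs(xml_text: str) -> list[str]:
    """<loc> entries of a urlset or sitemapindex; DTD/entity declarations are refused."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("sitemap contains a DTD/entity declaration; refusing to parse")
    root = ET.fromstring(xml_text)
    return [el.text.strip() for el in root.iter(f"{SITEMAP_NS}loc") if el.text]


def vet_sitemap(xml_text: str, resolver: Resolver = default_resolver) -> dict[str, tuple[bool, str]]:
    """Map every listed URL to (allowed, reason) so the operator can review the list."""
    return {loc: check_url(loc, resolver) for loc in parse_sitemap_locs(xml_text)}


# Constructed sample sitemap (not from the skill): one public page, one on a
# private host, one pointing at the cloud metadata address.
SAMPLE_SITEMAP = """<?xml version="1.0" encoding="UTF-8"?>
<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
  <url><loc>https://www.example.com/page-1</loc></url>
  <url><loc>https://intranet.example.com/admin</loc></url>
  <url><loc>http://169.254.169.254/latest/meta-data/</loc></url>
</urlset>"""

# Constructed DNS answers (assumed, not real records) so the example runs offline.
SAMPLE_DNS = {"www.example.com": ["93.184.216.34"], "intranet.example.com": ["10.0.0.5"]}


def sample_resolver(host: str) -> list[str]:
    if host not in SAMPLE_DNS:
        raise socket.gaierror(f"no such host: {host}")
    return SAMPLE_DNS[host]


if __name__ == "__main__":
    for loc, (allowed, reason) in vet_sitemap(SAMPLE_SITEMAP, sample_resolver).items():
        print("ALLOW" if allowed else "REJECT", loc, "-", reason)
```

Run it against the real sitemap with `fetch_checked(url)` and then `vet_sitemap(body)` (both default to live DNS and HTTP) and read the REJECT lines before giving the URL to the skill. Two caveats: the check resolves a name and the later fetch resolves it again, so a host whose DNS answer changes between the two (rebinding) still gets through unless the fetch itself pins the vetted address; and ElementTree is used here only after refusing any document with a DTD, which blocks entity expansion tricks but is not a substitute for defusedxml if you extend this to untrusted feeds.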
Review Dimensions
- Purpose & Capability
- concern: The SKILL.md and the included script clearly implement a Google Indexing API client that needs a Google service-account JSON key (GOOGLE_INDEX_SA_KEY). However, the registry metadata claims 'Required env vars: none' and 'Primary credential: none', which is incoherent. The credential is required for the stated purpose, so the metadata is incorrect or incomplete.
- Instruction Scope
- note: The runtime instructions are narrowly scoped to fetching a user-supplied sitemap, diffing it against a local cache (~/.cache/auto-index/sitemap-cache.json), and calling the Google Indexing API. The script reads a local service-account JSON file and makes outbound HTTP requests (to the sitemap URL(s) and to https://indexing.googleapis.com). Because it fetches whatever sitemap URL it is given and follows redirects, it can contact arbitrary hosts (including intranet addresses) if such URLs are supplied or redirected to. That is expected for this tool but worth noting.
- Install Mechanism
- ok: There is no install spec (instruction-only skill) and no remote download. The script declares its Python dependencies in uv inline metadata (google-auth, google-auth-httplib2, google-api-python-client, httpx). That is proportionate to the stated purpose and not unusual.
- Credentials
- concern: The code and SKILL.md require a sensitive environment input (the path to a Google service-account JSON key via GOOGLE_INDEX_SA_KEY or --sa-key). That is appropriate for the Indexing API, but the registry metadata fails to declare this requirement. The service-account key is powerful: if the service account has broader permissions than intended, the key is highly sensitive. No other unrelated secrets are requested.
- Persistence & Privilege
- ok: The skill does not request always: true and does not modify other skills or global agent config. It creates a cache at ~/.cache/auto-index/sitemap-cache.json that stores only sitemap URL lists and timestamps, which is expected behavior for caching.
