Skill v1.0.13

ClawScan security

Gws Admin Reports · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 6:33 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's description matches a Google Workspace reporting helper, but it omits any declared authentication/credential requirements and directs the agent to a shared SKILL.md outside the skill — this mismatch and external file dependency are incoherent and worth caution.
Guidance
This skill appears to be a wrapper for a 'gws' CLI that calls Google Workspace reporting APIs, but it does not state how authentication is provided. Before installing or enabling it: (1) verify the provenance and integrity of the 'gws' binary on your system (where did it come from?), (2) inspect the referenced ../gws-shared/SKILL.md (or the output of 'gws generate-skills') to see what credentials, files, or global flags it will read or create, (3) ensure any Google service account or OAuth credentials used are scoped minimally (least privilege) and stored safely, (4) run the skill in a sandboxed/test environment first to observe file writes and network calls, and (5) if you cannot inspect the external shared SKILL.md or the gws binary, treat this as untrusted and avoid enabling autonomous use. If the author supplies the shared auth file contents or the skill declares the exact env vars/config it will use, the assessment could be upgraded to benign.

Review Dimensions

Purpose & Capability
note: Name/description align with Google Workspace Admin SDK reporting and the declared required binary (gws) is plausible for that purpose. However, a reporting skill would normally require Google auth credentials (OAuth client or service account) or at least document how authentication is provided; the skill declares no env vars or primary credential, creating a gap between purpose and declared requirements.
Instruction Scope
concern: SKILL.md is instruction-only and primarily tells the agent to run the 'gws' CLI and to "Read ../gws-shared/SKILL.md for auth, global flags, and security rules." That directs the agent to a file outside this skill's bundle for authentication and security rules, which is vague and can expand the agent's scope unexpectedly (reading local or project config, creating files via 'gws generate-skills'). The instructions don't explicitly limit what files or environment values 'gws' may access.
Install Mechanism
ok: No install spec and no code files — lowest-risk format. The skill requires a gws binary to already exist; risk therefore depends on where that binary comes from, but the skill itself won't install code.
Credentials
concern: No environment variables or primary credential are declared, yet Google Workspace APIs require authenticated access. The SKILL.md's reliance on an external shared SKILL.md implies credentials/config are handled elsewhere, but those credentials are not documented here. This omission is disproportionate and obscures what secrets the agent will need or access at runtime.
Persistence & Privilege
ok: always is false and there are no install scripts, config paths, or claims to modify other skills. The one persistence-related note is that the instructions suggest running 'gws generate-skills', which could write files to disk — but that behavior is delegated to the gws binary and is not documented in this skill.