Skill v1.0.1

ClawScan security

Gws Alertcenter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 4, 2026, 11:04 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's commands match its description, but the runtime instructions reference an external shared SKILL.md for authentication and global flags while the registry metadata declares no credentials — this mismatch and the implicit filesystem access are concerning.
Guidance
This skill appears to be a thin wrapper for the 'gws' CLI and is coherent with managing Google Workspace alerts, but the runtime docs point to a shared '../gws-shared/SKILL.md' for authentication while the registry lists no credentials. Before installing: (1) inspect the referenced ../gws-shared/SKILL.md to see what credentials or files it requires (service account JSON, OAuth tokens, environment variables), (2) verify the 'gws' binary source and trustworthiness, (3) confirm how auth is stored and whether secrets would be read from disk or environment, and (4) prefer skills that explicitly declare required env vars/credentials and provide a homepage/source. If you cannot inspect the shared SKILL.md or confirm the auth method, treat this as potentially risky and avoid installing or run it in a restricted/sandboxed environment.

Review Dimensions

Purpose & Capability
note
Name/description align with the provided instructions: the SKILL.md is a thin wrapper describing how to run 'gws alertcenter' methods. Requiring the 'gws' binary is appropriate for a CLI-based Google Workspace Alert Center helper.
Instruction Scope
concern
The instructions explicitly tell the agent to read '../gws-shared/SKILL.md' for auth, global flags, and security rules. That directs the agent to read a file outside this skill's own manifest and suggests additional steps (or credentials) not present in this skill's metadata. It also suggests running 'gws generate-skills' if missing, which could create or modify files.
Install Mechanism
ok
No install spec and no code files are present; this is instruction-only and does not write new code to disk by itself. The only runtime dependency is the 'gws' binary, which is declared.
Credentials
concern
The skill metadata lists no required environment variables or credentials, but the SKILL.md defers authentication to an external shared SKILL.md. That implies required credentials (service account keys, OAuth tokens, or similar) may exist but are not declared — a visibility gap. Lack of declared credentials makes it unclear what secrets the agent will need or access at runtime.
Persistence & Privilege
ok
The skill is not always-included and is user-invocable; it does not request persistent system-level presence or elevated privileges in the registry metadata.