Gws Apps Script Push
v1.0.0
Google Apps Script: Upload local files to an Apps Script project.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The skill is instruction-only and requires the 'gws' CLI binary, which is coherent with the described function (pushing files to Apps Script). However, the SKILL.md references an external '../gws-shared/SKILL.md' for auth and global flags but this skill's metadata declares no required credentials or config paths, creating a mismatch between declared requirements and the actual authentication dependency.
Instruction Scope
Runtime instructions are limited to invoking the 'gws' CLI to push files and explicitly caution that this is a write operation. They also instruct the agent to read '../gws-shared/SKILL.md' for auth, flags, and security rules — that single external-file dependency expands the agent's read scope beyond the skill's own SKILL.md and could expose or rely on credentials/config not declared here.
Install Mechanism
No install specification and no code files are present — lowest-risk installation model. The skill is instruction-only and will invoke an already-installed 'gws' binary; nothing is downloaded or written by the skill itself.
Credentials
The skill does not declare any required environment variables or primary credentials, yet it explicitly defers authentication to a separate '../gws-shared/SKILL.md'. Because pushing replaces all files in a remote Apps Script project, this operation necessarily requires Google auth tokens/credentials. The omission of declared credential requirements is a discrepancy: users should inspect gws-shared to see exactly what secrets or tokens are read/used.
Persistence & Privilege
always:false and no special persistence requested. The skill doesn't claim to modify other skills' configurations. The primary autonomy concern is the normal platform default (agent can invoke the skill) combined with a destructive write operation — consider requiring user confirmation before autonomous runs.
What to consider before installing
Before installing or enabling this skill:
1) Confirm the provenance and integrity of the 'gws' CLI (where it comes from and whether you trust it).
2) Open and review ../gws-shared/SKILL.md (or run gws generate-skills as suggested) to see what authentication method and credentials it requires — do not assume there are no secrets involved.
3) Be aware this command will replace all files in the target Apps Script project (back up the project first).
4) If you are uncomfortable with autonomous agent actions that perform writes, require explicit user confirmation or disable autonomous invocation for this skill.
5) Test with a non-production script/project and a dry-run (if gws supports one) before running against important projects.

Like a lobster shell, security has layers — review code before you run it.
Plugin bundle (nix)
Skill pack · CLI binary · Config
CLI help (from plugin)
gws apps-script +push --help
Runtime requirements
Bins: gws
latest
apps-script +push
PREREQUISITE: Read ../gws-shared/SKILL.md for auth, global flags, and security rules. If missing, run gws generate-skills to create it.
Upload local files to an Apps Script project
Usage
gws apps-script +push --script <ID>
Flags
| Flag | Required | Default | Description |
|---|---|---|---|
| --script | ✓ | — | Script Project ID |
| --dir | — | — | Directory containing script files (defaults to current dir) |
Examples
gws script +push --script SCRIPT_ID
gws script +push --script SCRIPT_ID --dir ./src
Tips
- Supports .gs, .js, .html, and appsscript.json files.
- Skips hidden files and node_modules automatically.
- This replaces ALL files in the project.
[!CAUTION] This is a write command — confirm with the user before executing.
See Also
- gws-shared — Global flags and auth
- gws-apps-script — All commands for managing and executing Apps Script projects
