Back to skill
Skillv1.0.1
ClawScan security
Gws Apps Script · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 11:04 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper around the gws CLI for Google Apps Script and its requirements align with that purpose, but it references a shared SKILL.md for auth which you should inspect before use.
- Guidance
- This skill is an instruction-only wrapper around your existing gws CLI for managing Apps Script projects. Before installing: (1) Ensure the gws binary on your system is the genuine, trusted tool you expect; (2) inspect the referenced ../gws-shared/SKILL.md to see how auth is handled and what credentials or files gws will access; (3) be aware that any Google credentials already configured for gws (OAuth tokens, gcloud credentials, config files) could be used when the skill runs. If you don't already use gws or you can't verify the shared SKILL.md and gws configuration, do not enable the skill or only enable it in a controlled environment.
Review Dimensions
- Purpose & Capability
- okThe name/description match the instructions: the SKILL.md simply documents gws apps-script commands and how to inspect schemas. The single declared required binary (gws) is appropriate and no unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- noteThe instructions are limited to using the gws CLI (listing resources, inspecting schemas, calling methods). However the prerequis ite instructs the agent to read ../gws-shared/SKILL.md for auth, flags, and security rules — that references an external/shared file outside this skill. This is plausible for shared auth config, but it means the agent may attempt to read sibling skill files or shared config.
- Install Mechanism
- okNo install spec and no code files — instruction-only skills have minimal on-disk footprint. The skill relies on an existing gws binary rather than downloading code, which is lower risk.
- Credentials
- noteThe skill declares no required environment variables or credentials. In practice the gws CLI will use whatever Google credentials or tokens are configured on the host (OAuth/token files, gcloud or gws config). That is expected for a CLI wrapper, but you should confirm which credentials gws will use before granting agent access.
- Persistence & Privilege
- okalways is false and the skill does not request persistent/privileged installation. Model invocation is allowed (default), which is normal for user-invocable skills and appropriate here.