Skill v1.0.14

ClawScan security

Gws Chat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 31, 2026, 6:33 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill is an instruction-only wrapper around a local 'gws' CLI for Google Chat and its declared requirements align with that purpose, but it relies on external shared auth documentation and can perform destructive Chat operations — review the gws CLI and shared auth before installing.
Guidance
This skill runs a local 'gws' CLI to manage Google Chat (create/delete spaces, send messages, upload media). Before installing: 1) verify the origin and integrity of the 'gws' binary you will use (who published it, how it is installed); 2) inspect the referenced ../gws-shared/SKILL.md to see how authentication is performed and what OAuth scopes or tokens are used; 3) ensure credentials used by the CLI have the minimum necessary privileges (avoid admin-level scopes if unnecessary); and 4) test actions that delete or modify chat spaces in a test account or workspace first. Because auth is delegated to a shared file not included here, review that file to raise confidence from medium to high.

Review Dimensions

Purpose & Capability
ok
Name/description (Google Chat management) match the SKILL.md contents which document Google Chat resources and methods. The only declared runtime requirement is the 'gws' CLI binary, which is appropriate for a CLI-based skill.
Instruction Scope
note
Instructions are limited to using the 'gws' CLI (list, create, delete, upload, etc.). They instruct the agent to read ../gws-shared/SKILL.md for auth, global flags, and security rules; that dependency on a sibling/shared SKILL.md is out-of-band and should be checked because it is the place where authentication and security behavior are defined. The skill documents destructive operations (delete spaces/messages), which are expected for the purpose but increase risk if auth/scopes are too broad.
Install Mechanism
ok
No install spec and no code files — instruction-only. This is low-risk from an install standpoint because nothing is downloaded or written by the skill itself.
Credentials
note
The skill requests no environment variables or credentials itself. However, it explicitly delegates auth and global flags to ../gws-shared/SKILL.md, so credential handling is implemented elsewhere and must be reviewed to ensure the auth scopes and storage mechanisms are appropriate.
Persistence & Privilege
ok
No elevated persistence requested (always:false). The skill is user-invocable and can be invoked autonomously per platform defaults — that is normal and not by itself a problem.