Skill v1.0.0
ClawScan security
Gws Cloudidentity · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 4, 2026, 11:05 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (manage Google Cloud Identity via the 'gws' CLI) is plausible, but the runtime instructions rely on an external shared SKILL.md for auth and may cause the agent to create or read credential/config files without this skill declaring any credential requirements — that mismatch warrants caution.
- Guidance: This skill delegates authentication to a sibling file ('../gws-shared/SKILL.md') or to running 'gws generate-skills' but does not declare any credential requirements. Before installing or invoking it, verify the source and trustworthiness of the 'gws' CLI and the 'gws-shared' artifacts: inspect the contents of ../gws-shared/SKILL.md (or the files generated by 'gws generate-skills') to see what credentials or tokens would be created or used. Only grant the least-privilege Google IAM roles required for the specific operations you need (avoid owner/editor). If you cannot inspect the shared SKILL or the 'gws' binary comes from an unknown origin, run in a sandbox or decline installation. Be especially cautious because the CLI can perform destructive, high-privilege actions (deleting groups, wiping devices, modifying memberships).
Review Dimensions
- Purpose & Capability (note): The skill is an instruction-only wrapper around the 'gws' CLI for Cloud Identity operations. Requiring the 'gws' binary is coherent with the description. However, the SKILL.md points to ../gws-shared/SKILL.md for auth/global flags/security rules — the skill does not declare any credentials itself, which is an unexpected delegation and creates an information gap about how auth is performed.
- Instruction Scope (concern): Instructions explicitly tell the agent to read a sibling file ('../gws-shared/SKILL.md') for auth and security rules and, if it is missing, to run 'gws generate-skills' to create it. That directs the agent to access and potentially create files outside the skill's folder (possible creation of auth/config artifacts). The rest of the SKILL.md guides the agent to run arbitrary 'gws cloudidentity <resource> <method> [flags]' commands, which can perform highly privileged actions (delete groups, wipe devices, change memberships). The combination of file-access instructions plus powerful CLI actions is broader than the skill's declared requirements alone imply.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. This is low risk in terms of on-disk installation by the skill itself. The only binary requirement is 'gws', which must already exist on PATH.
- Credentials (concern): The skill declares no required environment variables or primary credential, yet its prerequisite references an external shared SKILL.md for authentication. This is inconsistent: managing Cloud Identity requires authenticated Google credentials (OAuth, service account, or gcloud ADC). The skill gives no visibility into what credentials will be used, how they are created, or where they are stored.
- Persistence & Privilege (note): 'always' is false and there is no install that embeds the skill persistently. However, the instructions may cause the agent to generate or read a shared configuration file ('gws generate-skills' / '../gws-shared/SKILL.md'), which could create persistent auth/config artifacts on disk. Autonomous invocation is allowed (default) — combined with unclear auth handling and powerful API actions, this gives elevated impact.
