Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match a gws-based Google Docs helper and the declared required binary (gws) is appropriate. However, the skill does not declare any auth/credentials even though the SKILL.md explicitly says to read ../gws-shared/SKILL.md for auth and security rules. Not declaring where credentials come from (env vars or config paths) is inconsistent with the stated capability.
Instruction Scope
Runtime instructions are minimal and rely entirely on the external gws CLI, which is fine. But the SKILL.md directs the agent to read a sibling file (../gws-shared/SKILL.md) for authentication and security rules and to run gws generate-skills if missing. That creates cross-skill dependencies and potentially causes the agent to read or create files outside this skill's directory — behavior not explained or declared.
Install Mechanism
Instruction-only skill with no install spec and no code files; lowest install risk. It simply requires the gws binary to be present on PATH.
Credentials
No env vars or credentials are declared, yet the SKILL.md implicitly requires authentication to Google via a shared SKILL.md. This mismatch (no declared primaryEnv but an explicit auth prerequisite) is disproportionate and unclear. It's unknown where tokens will be read from or stored.
Persistence & Privilege
always is false and the skill is user-invocable; the skill does not request elevated or persistent platform privileges. Note: the SKILL.md's instructions to read/write sibling files could cause on-disk changes depending on gws behavior, but the skill itself does not force always-on or modify other skills' configurations according to the manifest.
What to consider before installing
This skill appears to be a thin wrapper around a local 'gws' CLI for Google Docs, which is reasonable — but the SKILL.md defers authentication to ../gws-shared/SKILL.md and declares no required credentials. Before installing: 1) Inspect the referenced ../gws-shared/SKILL.md to see exactly how auth tokens are obtained, stored, and protected (env vars vs files). 2) Verify the provenance and integrity of the 'gws' binary you will run (source, version, checksums). 3) Run gws docs --help and gws schema locally in a sandbox to confirm what data is sent/received and whether any files or tokens are created. 4) Ask the skill author to declare required credentials and explain what gws generate-skills does and where it writes files. If you cannot review the shared auth SKILL.md and the gws binary, treat this skill as higher risk and avoid granting access to production credentials.Like a lobster shell, security has layers — review code before you run it.
Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
CLI help (from plugin)
gws docs --help
Runtime requirements
Binsgws
latest
docs (v1)
PREREQUISITE: Read
../gws-shared/SKILL.mdfor auth, global flags, and security rules. If missing, rungws generate-skillsto create it.
gws docs <resource> <method> [flags]
Helper Commands
| Command | Description |
|---|---|
+write | Append text to a document |
API Resources
documents
batchUpdate— Applies one or more updates to the document. Each request is validated before being applied. If any request is not valid, then the entire request will fail and nothing will be applied. Some requests have replies to give you some information about how they are applied. Other requests do not need to return information; these each return an empty reply. The order of replies matches that of the requests.create— Creates a blank document using the title given in the request. Other fields in the request, including any provided content, are ignored. Returns the created document.get— Gets the latest version of the specified document.
Discovering Commands
Before calling any API method, inspect it:
# Browse resources and methods
gws docs --help
# Inspect a method's required params, types, and defaults
gws schema docs.<resource>.<method>
Use gws schema output to build your --params and --json flags.
Comments
Loading comments...