Skill v1.0.12
ClawScan security
Gws Docs Write · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 31, 2026, 6:33 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match its stated purpose (appending text to a Google Doc) but it omits any declared authentication/credential requirements and points to a separate gws-shared SKILL.md for auth, creating an unexplained dependency and potential surprise access to credentials.
- Guidance: This skill itself is a tiny wrapper around the 'gws' CLI write command and otherwise appears harmless — but it explicitly defers authentication and global flags to '../gws-shared/SKILL.md', which is not bundled here. Before installing or enabling the skill: (1) inspect the gws-shared SKILL.md referenced to see what credentials or environment variables the gws CLI requires (OAuth tokens, service-account keys, or env vars); (2) verify the 'gws' binary on your system is the legitimate tool you expect and understand where it stores tokens/config (~/.config, keychains, etc.); (3) ensure the agent prompts you before executing write operations (the skill warns to confirm, but confirm the agent enforces that); and (4) if you cannot review gws-shared or the gws CLI's auth behavior, treat this skill as higher-risk because it may cause the agent to access or transmit credentials not declared in the registry.
Review Dimensions
- Purpose & Capability (ok): Name/description (append text to Google Docs) align with the SKILL.md content: it runs a single gws CLI command to append text to a document. The only declared runtime requirement is the 'gws' binary, which is coherent with the described functionality.
- Instruction Scope (note): SKILL.md's instructions are narrowly scoped to running 'gws docs +write --document <ID> --text <TEXT>' and explicitly caution to confirm with the user before executing. However the file instructs the reader to consult '../gws-shared/SKILL.md' for auth and global flags — that external file is not included in this skill bundle, so the full runtime behavior (what auth is used, what global flags are applied) is unknown.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files. Nothing will be written to disk by an install step. This is low-risk in terms of install mechanism.
- Credentials (concern): This SKILL.md declares no required environment variables or credentials, yet it defers auth and global flags to an external 'gws-shared' SKILL.md. That external dependency likely contains credential requirements (CLI tokens, OAuth, or environment vars). Because those requirements are not declared here, the skill's requested permissions are unclear and may be disproportionate to what this single command needs.
- Persistence & Privilege (ok): The skill does not request always:true and is user-invocable. It does allow normal autonomous invocation (platform default) but there is no evidence this skill attempts to modify other skills or agent configs.
