Back to skill
Skillv1.0.13
ClawScan security
Gws Drive · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 31, 2026, 6:34 PM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill is an instruction-only wrapper around a 'gws' CLI for Google Drive and its declared requirements (the gws binary) match the described purpose, but it delegates auth to a separate shared skill and has no install or provenance information so you should verify the gws tool and the shared-auth instructions before use.
- Guidance
- This skill is a straightforward wrapper that expects you to have the third-party 'gws' CLI already installed. Before installing/using: (1) verify the source and trustworthiness of the 'gws' binary you will install; (2) inspect the sibling ../gws-shared/SKILL.md (or run gws generate-skills) to see how authentication is performed and where credentials/config will be stored on disk; and (3) avoid supplying high-privilege credentials until you confirm the gws installation and shared-auth instructions are from a trusted source. If you cannot locate the gws project's official homepage or release channel, treat the binary as untrusted.
Review Dimensions
- Purpose & Capability
- okThe name/description (Google Drive management) align with the single declared requirement: the 'gws' CLI binary. Asking for a gws binary is expected for a CLI-wrapper Drive skill; no unrelated binaries or environment variables are requested.
- Instruction Scope
- noteSKILL.md consistently documents Drive API operations via 'gws drive ...'. It explicitly directs the agent to read a sibling ../gws-shared/SKILL.md for authentication, global flags, and security rules and suggests running 'gws generate-skills' if missing. That means authentication/config is delegated to another skill/file and operations may read or write skill-related files on disk; SKILL.md does not instruct the agent to read unrelated system files or exfiltrate data.
- Install Mechanism
- okNo install spec is provided (instruction-only), which is lowest-risk for automatic code installation. The skill relies on an existing 'gws' binary; the security posture therefore depends on how that binary is obtained and installed outside the skill.
- Credentials
- okThe skill declares no required environment variables or credentials itself. Authentication is handled via the referenced gws-shared instructions, so provided env/credential needs will depend on that shared component — check that file before granting credentials.
- Persistence & Privilege
- okThe skill is not always-enabled and uses normal model invocation. It does suggest generating shared files (gws generate-skills) which may write config/auth artifacts, but it does not request elevated platform-wide privileges or alter other skills' configurations in the SKILL.md content provided.