Skill v1.0.12

ClawScan security

Gws Events Subscribe · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 31, 2026, 6:34 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's declared purpose matches the gws CLI usage, but it omits any clear auth/credential declarations and defers auth/security behavior to a referenced external SKILL.md (../gws-shared), which makes its runtime requirements and data access unclear.
Guidance
This skill appears to be a thin wrapper around the 'gws events +subscribe' CLI and is generally coherent — but it defers authentication and global flags to a referenced ../gws-shared/SKILL.md that is not included. Before installing or running: (1) inspect the gws-shared SKILL.md the skill references (or the output of `gws generate-skills`) to see exactly how credentials are obtained and stored; (2) verify which account/credentials the gws binary will use (ADC, gcloud user account, or a service account) and ensure least privilege; (3) confirm the origin and integrity of the 'gws' binary on your system; (4) be cautious when running commands that create Pub/Sub resources — use --cleanup or a sandbox GCP project for testing; (5) avoid providing broad service-account keys unless necessary. If you cannot locate the referenced gws-shared documentation or confirm auth flows, do not run this skill with high-privilege credentials.

Review Dimensions

Purpose & Capability
note: The name/description (subscribe to Workspace events and stream NDJSON) aligns with the required binary (gws) and the documented CLI flags. Requiring a gws CLI to subscribe to Google Workspace events is reasonable.
Instruction Scope
note: SKILL.md only documents the gws events +subscribe command and flags. However, it explicitly instructs the agent to read ../gws-shared/SKILL.md for auth, global flags, and security rules; that external dependency is not included in the package, so the agent may attempt to access or create files and follow instructions outside this skill. The skill otherwise doesn't instruct reading unrelated system files or sending data to unexpected endpoints.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files; lowest install risk. It assumes an existing 'gws' binary is present on PATH.
Credentials
concern: The skill declares no required environment variables or primary credential, yet subscribing to Workspace events and creating/using Pub/Sub resources requires GCP/Workspace auth and permissions. The lack of explicit credential/env declarations (and deferral to a missing ../gws-shared file) makes it unclear what secrets or accounts will be used, where they are sourced from, and whether the agent will access additional credentials.
Persistence & Privilege
ok: `always` is false and the skill does not request persistent presence or modify other skills. It may create cloud resources (Pub/Sub) when run, which is expected for its purpose; SKILL.md includes a CAUTION to confirm write actions.