Back to skill
Skillv1.0.14
ClawScan security
Gws Gmail Reply · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 31, 2026, 6:34 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requirements and instructions are consistent with its stated purpose (invoking the local 'gws' CLI to reply to Gmail messages); it appears to be an instruction-only wrapper that delegates auth and network activity to the gws tool and a sibling gws-shared skill.
- Guidance
- This skill is a documentation wrapper that runs your local 'gws' CLI to reply to Gmail messages. Before installing or using it: (1) confirm the 'gws' binary on your system is the official/trusted implementation and understand how it stores Gmail credentials; (2) open ../gws-shared/SKILL.md (or run the suggested 'gws generate-skills' in a safe environment) to see how auth and global flags are handled; and (3) be mindful that sending emails (and attachments) will be performed by the gws tool and will use whatever Gmail credentials that tool is configured to use.
Review Dimensions
- Purpose & Capability
- okThe skill is a thin instruction wrapper for the 'gws' CLI to send Gmail replies. The only declared runtime requirement is the 'gws' binary, which matches the described capability.
- Instruction Scope
- noteSKILL.md confines runtime behavior to invoking 'gws gmail +reply' and documenting flags. It references ../gws-shared/SKILL.md for auth and global flags — that external file could contain auth instructions or additional operations, so review gws-shared before trusting the skill.
- Install Mechanism
- okNo install spec and no code files — this is instruction-only, so nothing is written to disk by the skill itself. Installation risk depends on the external 'gws' binary, which must be vetted separately.
- Credentials
- noteThe skill declares no required environment variables or credentials. However, authentication and credentials are delegated to the 'gws' tool and the referenced gws-shared SKILL.md; you should confirm where those credentials are stored and that they are appropriate for a Gmail reply tool.
- Persistence & Privilege
- okThe skill does not request always:true and is user-invocable. It does not claim to modify other skills or system-wide configuration. Any persistent behavior would come from the 'gws' binary, not this instruction file.