Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Requiring the 'gws' CLI matches the stated purpose (Google Keep management). However the SKILL.md depends on a separate ../gws-shared/SKILL.md for auth and global flags, which is not declared in the skill's requirements (no config paths or env vars). That external dependency is not explained in the registry metadata.
Instruction Scope
The SKILL.md explicitly tells the agent to read ../gws-shared/SKILL.md for auth and security rules, and if missing to run 'gws generate-skills' to create it. That directs the agent to read a file outside the skill bundle and to create/configure files on disk via the gws binary — actions outside the skill's declared scope and not enumerated in requires.configPaths.
Install Mechanism
This is an instruction-only skill with no install spec, so nothing is written by the skill itself. The model expects a preinstalled 'gws' binary; lack of an install step lowers installer risk but places trust on that external binary.
Credentials
No environment variables or credential fields are declared, yet the skill points to a shared SKILL.md that presumably contains auth/global flags. That implies access to credentials or config files that are not declared here, which is disproportionate to the metadata shown.
Persistence & Privilege
The skill does not request always:true and has no install actions. It can be invoked autonomously (default), which is normal; there is no evidence it modifies other skills or system-wide agent settings.
What to consider before installing
Before installing or enabling this skill: (1) verify the 'gws' CLI you will use is from a trusted source and inspect its behavior; (2) locate and manually inspect the referenced ../gws-shared/SKILL.md (or equivalent shared config) to see what auth or secrets it contains — do not let the agent auto-create it without review; (3) avoid running 'gws generate-skills' unless you trust the gws binary and understand what files it will write and what credentials it will store; (4) prefer testing in an isolated environment or container first; (5) if you cannot find the shared config or a trustworthy source for gws, treat this skill as potentially risky because it implicitly requires credential/config access that isn't declared.Like a lobster shell, security has layers — review code before you run it.
Plugin bundle (nix)
Skill pack · CLI binary · Config
SKILL.mdCLIConfig
CLI help (from plugin)
gws keep --help
Runtime requirements
Binsgws
latest
keep (v1)
PREREQUISITE: Read
../gws-shared/SKILL.mdfor auth, global flags, and security rules. If missing, rungws generate-skillsto create it.
gws keep <resource> <method> [flags]
API Resources
media
download— Gets an attachment. To download attachment media via REST requires the alt=media query parameter. Returns a 400 bad request error if attachment media is not available in the requested MIME type.
notes
create— Creates a new note.delete— Deletes a note. Caller must have theOWNERrole on the note to delete. Deleting a note removes the resource immediately and cannot be undone. Any collaborators will lose access to the note.get— Gets a note.list— Lists notes. Every list call returns a page of results withpage_sizeas the upper bound of returned items. Apage_sizeof zero allows the server to choose the upper bound. The ListNotesResponse contains at mostpage_sizeentries. If there are more things left to list, it provides anext_page_tokenvalue. (Page tokens are opaque values.) To get the next page of results, copy the result'snext_page_tokeninto the next request'spage_token.permissions— Operations on the 'permissions' resource
Discovering Commands
Before calling any API method, inspect it:
# Browse resources and methods
gws keep --help
# Inspect a method's required params, types, and defaults
gws schema keep.<resource>.<method>
Use gws schema output to build your --params and --json flags.
Comments
Loading comments...