Skill v1.0.12
ClawScan security
Gws Keep · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 31, 2026, 6:34 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's declared purpose (manage Google Keep via the gws CLI) is plausible, but the runtime instructions reference an external shared SKILL.md and a generate step that can create auth/config outside the skill without having declared those config paths or credentials. This mismatch is concerning.
- Guidance: Before installing or enabling this skill: (1) verify the 'gws' CLI you will use is from a trusted source and inspect its behavior; (2) locate and manually inspect the referenced ../gws-shared/SKILL.md (or equivalent shared config) to see what auth or secrets it contains, and do not let the agent auto-create it without review; (3) avoid running 'gws generate-skills' unless you trust the gws binary and understand what files it will write and what credentials it will store; (4) prefer testing in an isolated environment or container first; (5) if you cannot find the shared config or a trustworthy source for gws, treat this skill as potentially risky because it implicitly requires credential/config access that isn't declared.
Review Dimensions
- Purpose & Capability (note): Requiring the 'gws' CLI matches the stated purpose (Google Keep management). However, the SKILL.md depends on a separate ../gws-shared/SKILL.md for auth and global flags, which is not declared in the skill's requirements (no config paths or env vars). That external dependency is not explained in the registry metadata.
- Instruction Scope (concern): The SKILL.md explicitly tells the agent to read ../gws-shared/SKILL.md for auth and security rules, and if missing to run 'gws generate-skills' to create it. That directs the agent to read a file outside the skill bundle and to create/configure files on disk via the gws binary; these actions are outside the skill's declared scope and not enumerated in requires.configPaths.
- Install Mechanism (ok): This is an instruction-only skill with no install spec, so nothing is written by the skill itself. The model expects a preinstalled 'gws' binary; lack of an install step lowers installer risk but places trust on that external binary.
- Credentials (concern): No environment variables or credential fields are declared, yet the skill points to a shared SKILL.md that presumably contains auth/global flags. That implies access to credentials or config files that are not declared here, which is disproportionate to the metadata shown.
- Persistence & Privilege (ok): The skill does not request always:true and has no install actions. It can be invoked autonomously (default), which is normal; there is no evidence it modifies other skills or system-wide agent settings.
