Skill v1.0.12
ClawScan security
Gws Modelarmor Create Template · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 31, 2026, 6:35 PM
- Verdict: benign
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill is an instruction-only wrapper around the 'gws' CLI to create a Google Model Armor template. Its requirements and behavior are generally consistent with that purpose, though it relies on an external shared SKILL.md for authentication, which is not present here.
- Guidance: This skill appears to be a thin wrapper around the 'gws' CLI to create a Model Armor template. Before installing or running it:
  1) Verify you trust the 'gws' binary and where it came from (package/source).
  2) Locate and review the referenced '../gws-shared/SKILL.md' to see exactly how authentication is performed and which GCP credentials or scopes will be used.
  3) Confirm with the user before executing, since this is a write operation.
  4) If you need least privilege, create a GCP service account with only the permissions required to manage Model Armor templates and ensure the CLI uses that account.
  5) Inspect any JSON payloads you pass (the --json flag) and avoid using default 'jailbreak' presets without understanding their contents.
Review Dimensions
- Purpose & Capability (ok): The name/description describe creating a Model Armor template and the only declared requirement is the 'gws' CLI binary, which is exactly what you'd expect for a CLI-based helper. There are no unrelated binaries or unexpected environment variables declared.
- Instruction Scope (note): The runtime instructions are narrowly scoped to running 'gws modelarmor +create-template' with flags. However, the skill explicitly instructs the agent to read '../gws-shared/SKILL.md' for auth and global flags; that external file may contain authentication or security rules that influence behavior. The skill correctly calls out that this is a write command and asks for user confirmation before executing.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill itself. Lowest-risk install posture.
- Credentials (note): The skill declares no required environment variables or credentials. In practice it depends on auth described in the referenced '../gws-shared/SKILL.md' (not included), so required GCP credentials are implicit rather than declared. That omission is noteworthy but not necessarily malicious — it means you must inspect the shared SKILL.md to understand which credentials will be used and where they are read from.
- Persistence & Privilege (ok): 'always' is false and the skill does not request persistent/system-wide changes itself. Autonomous invocation is allowed (platform default), which is expected for a user-invocable skill.
