Skillv1.0.12

ClawScan security

Gws Modelarmor Sanitize Response · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 31, 2026, 6:35 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only wrapper around the gws CLI to run a Model Armor sanitize command and its declared requirements are coherent, but you should inspect the referenced shared auth document and the gws binary before use.
Guidance: This skill is essentially a thin wrapper that runs the gws CLI to sanitize model output — that is coherent. Before installing or enabling it: (1) Confirm you trust the gws binary on your system (verify source/version) because the skill will invoke it; (2) open and review ../gws-shared/SKILL.md as referenced — that file likely contains the auth/global flags and may request credentials or config paths (inspect any required env vars or token usage); (3) confirm the Model Armor template names you will pass are correct and that using them won’t leak sensitive outputs to unintended places; (4) if you want stricter containment, run initial tests in an isolated environment or with least-privilege credentials; (5) if you do not want the agent to call this skill autonomously, disable autonomous invocation at the agent level or avoid granting the agent access to the gws binary/credentials.

Purpose & Capability: okThe name/description match the runtime instructions: the SKILL.md tells the agent to run gws modelarmor +sanitize-response with a template. Requiring the gws binary is expected for this purpose; no unrelated binaries or env vars are requested.
Instruction Scope: noteInstructions explicitly tell the agent to read ../gws-shared/SKILL.md for auth and global flags. That delegation is reasonable for shared configuration, but it means this skill relies on another file for credentials and security rules — users should review that shared file because it may expand the skill's effective scope.
Install Mechanism: okThere is no install spec (instruction-only). This minimizes install-time risk — the only runtime requirement is an existing gws binary on PATH.
Credentials: noteThis skill declares no environment variables itself (proportionate). However, the SKILL.md defers auth/global flags to ../gws-shared/SKILL.md, which may require credentials or config (not visible here). Verify that the shared file does not request unrelated secrets or broad credentials.
Persistence & Privilege: okThe skill is not marked always:true and uses normal autonomous invocation settings. It does not request system-wide config changes or persistent installation steps in its own instructions.