Gws Script Push
Security checks across malware telemetry and agentic risk
Overview
This skill is a straightforward Google Apps Script upload helper, but users must understand that running it can overwrite every file in the target script project.
Install this only if you trust the local `gws` CLI and intend to let it update Google Apps Script projects. Before running it, confirm the script ID, source directory, active Google/GWS account, and whether the project can be recovered or restored, because the push command replaces all files in the target project.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
65/65 vendors flagged this skill as clean.