Skill v1.0.13

ClawScan security

Gws Sheets Append · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 6:52 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (append a row using the 'gws' CLI) is plausible, but the runtime instructions refer to an external shared SKILL.md for auth and global flags while declaring no required credentials — that mismatch is concerning and needs clarification before install.
Guidance
Before installing, inspect the referenced ../gws-shared/SKILL.md to see exactly what authentication method and environment variables or files the gws CLI expects (service account JSON, GOOGLE_APPLICATION_CREDENTIALS, OAuth tokens, etc.). Verify the provenance of the 'gws' binary (where it comes from and what access it requires). Because this is a write operation, test on a non-sensitive spreadsheet and confirm with the user before any append. If you are concerned about undisclosed credential access, do not install until the shared SKILL.md and any generated files are reviewed; consider restricting the agent's ability to access system files or disabling autonomous invocation for this skill until you verify its requirements.

Review Dimensions

Purpose & Capability
concern: The skill calls a gws CLI to append rows, which matches the name/description. However, the SKILL.md explicitly points to ../gws-shared/SKILL.md for authentication, global flags, and security rules, yet the registry metadata declares no required environment variables or primary credential. That omission is inconsistent: a Google Sheets write operation normally requires Google credentials (API key, OAuth token, or service account), so required credentials are likely present but undeclared.
Instruction Scope
concern: The instructions are limited to invoking 'gws sheets +append' which is in-scope, but they also instruct the agent to read ../gws-shared/SKILL.md (outside this skill's directory) for auth and rules, and to run 'gws generate-skills' if missing. That directs the agent to read other skill files and potentially write files, which expands scope beyond a self-contained append command. The SKILL.md does not list exactly which auth artifacts or env vars the agent will read or need at runtime.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so nothing will be written to disk by the skill itself. Low install risk.
Credentials
concern: The registry metadata lists no required environment variables or primary credential, but the runtime instructions explicitly defer auth to a separate gws-shared SKILL.md. This likely means required credentials (Google OAuth tokens, service account JSON path, or CLI-stored tokens) are managed outside this skill. The absence of declared env vars is disproportionate to the likely need for Google Sheets credentials and hides which secrets the agent will access.
Persistence & Privilege
ok: 'always' is false and there is no explicit request for permanent presence or cross-skill configuration changes. The instruction to run 'gws generate-skills' could create files, but that is an expected operational helper rather than a privilege escalation. Still, the skill's dependence on sibling skill files slightly increases its effective reach.