Skill v1.0.12

ClawScan security

Gws Tasks · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 6:35 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's commands and required gws binary match its stated purpose, but it defers authentication and security rules to an external ../gws-shared/SKILL.md that is not declared here. That inconsistency could lead to unexpected credential access; inspect that shared file and the gws binary before use.
Guidance
Before installing or enabling this skill:
1) Verify the 'gws' binary is legitimate and from a trusted source (confirm vendor, version, and checksum) because the skill will run that binary.
2) Inspect the referenced ../gws-shared/SKILL.md file to see exactly how authentication is performed and which environment variables, tokens, or files it uses; do not proceed if that file requests broad or unrelated credentials.
3) Confirm the OAuth scopes or API keys used are limited to Google Tasks (least privilege).
4) If you cannot inspect the shared SKILL.md or the gws binary, treat this skill as higher risk; consider testing first with a disposable/non-sensitive account.
5) If you want to proceed, ensure logs and network access are monitored and only grant the minimum required credentials.

Review Dimensions

Purpose & Capability
ok: Name/description (Google Tasks via a CLI) align with the declared runtime requirement of the gws binary and the listed tasks API operations. Requiring a gws CLI is expected for this purpose.
Instruction Scope
concern: The SKILL.md only instructs running gws commands (which is appropriate) but explicitly tells the agent to 'Read ../gws-shared/SKILL.md for auth, global flags, and security rules.' That directs the agent to access an external file outside this skill's folder for authentication and policy, a scope expansion that may expose credentials or behavior not declared in this skill.
Install Mechanism
ok: Instruction-only skill with no install spec and no code files. Nothing will be written to disk by the skill itself; the risk surface is limited to invoking an existing gws binary on PATH.
Credentials
concern: This skill declares no required env vars or primary credential, yet it defers auth to a shared SKILL.md. That mismatch is concerning: the actual credentials/scopes needed are not declared here, so the agent or user may be prompted to use credentials from the shared configuration unexpectedly.
Persistence & Privilege
ok: 'always' is false and 'disable-model-invocation' is default (model may invoke autonomously, which is normal). The skill does not request system-wide persistence or modify other skills' configs.