Skill v1.0.12

ClawScan security

Gws Workflow Standup Report · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 6:35 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose (produce a standup summary via the gws CLI) is plausible, but it references an external shared SKILL.md for authentication and global flags without declaring that dependency or any credentials — this mismatch is concerning and deserves verification before use.
Guidance
This skill likely calls the 'gws' CLI to read your calendar and tasks, which is reasonable for a standup report — but it refers to a ../gws-shared/SKILL.md for auth without declaring any credentials. Before installing: (1) locate and inspect the gws-shared SKILL.md the skill references to see where credentials live and what global flags it sets; (2) confirm the provenance and integrity of the 'gws' CLI (how it was installed, vendor, version); (3) verify that any credentials/config are stored in a place you trust and that the shared SKILL.md doesn't expose secrets; (4) run the command in a restricted/test account or isolated environment first to confirm the tool is truly read-only. If you cannot find or review the referenced gws-shared file, treat the skill as untrusted.
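The four checks above are manual, but the first of them (does the skill read files outside its own directory, and does it invoke anything it never declared?) is mechanical and worth running before you read the rest. The following is an added example, not ClawHub's scanner code and not part of the skill: a small static check over a SKILL.md body that resolves every path-like reference against the skill's own directory and flags any that escape it, and that lists backticked commands the skill invokes without declaring. The SKILL.md text, the directory name and the "declared binaries" list are constructed for the example; the real file's layout and declaration schema are not known from this page.

```python
import posixpath
import re

# Constructed sample resembling the runtime instruction the scanner flagged.
# This is NOT the real SKILL.md published on ClawHub.
SAMPLE_SKILL_MD = """# Gws Workflow Standup Report

Requires: the `gws` binary.

Read ../gws-shared/SKILL.md for auth, global flags, and security rules.
Then run `gws workflow +standup-report` and summarise the output.
"""

# Path-like tokens: ../x/y, ./x, or an absolute /x/y. The lookbehind keeps
# "a/b" inside ordinary words from matching.
PATH_RE = re.compile(r"(?<![\w/])((?:\.\./|\./|/)[\w.\-]+(?:/[\w.\-]+)*)")

# First word of any backticked command, e.g. `gws workflow +standup-report`.
CMD_RE = re.compile(r"`([A-Za-z][\w.\-]*)(?:\s[^`]*)?`")


def find_path_refs(text):
    """Return every path-like reference in the instruction text, in order."""
    return PATH_RE.findall(text)


def escaping_refs(skill_dir, text):
    """Resolve each reference against skill_dir; return (ref, resolved) pairs
    that land outside the skill's own directory (the scope-creep case)."""
    base = posixpath.normpath(skill_dir)
    flagged = []
    for ref in find_path_refs(text):
        if ref.startswith("/"):
            resolved = posixpath.normpath(ref)
        else:
            resolved = posixpath.normpath(posixpath.join(base, ref))
        if resolved != base and not resolved.startswith(base + "/"):
            flagged.append((ref, resolved))
    return flagged


def undeclared_commands(text, declared):
    """Commands the instructions invoke that the skill did not declare."""
    found = {m.group(1) for m in CMD_RE.finditer(text)}
    return sorted(found - set(declared))


def review(skill_dir, text, declared_binaries):
    """Human-readable findings; empty list means nothing to raise."""
    findings = []
    for ref, resolved in escaping_refs(skill_dir, text):
        findings.append(f"reads outside skill dir: {ref} -> {resolved}")
    for cmd in undeclared_commands(text, declared_binaries):
        findings.append(f"invokes undeclared command: {cmd}")
    return findings


if __name__ == "__main__":
    # Assumed on-disk layout: skills/<skill-name>/SKILL.md
    for line in review("skills/gws-workflow-standup-report",
                       SAMPLE_SKILL_MD, ["gws"]):
        print(line)
```

On the constructed sample the only finding is the `../gws-shared/SKILL.md` read, which resolves to a sibling skill directory: exactly the cross-skill dependency the verdict says is undeclared. A reference that escapes the skill directory is a reason to go and read that file before installing, not proof of malice; the check only tells you where to look.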

Review Dimensions

Purpose & Capability
concern: The declared requirement (binary 'gws') matches the stated purpose (a gws workflow command). However, the skill references ../gws-shared/SKILL.md for auth/global flags but does not declare any dependency on that shared skill or any required environment variables/credentials. A skill that needs access to calendar/tasks will require credentials; not declaring them is an inconsistency.
Instruction Scope
concern: The runtime instructions explicitly tell the agent to 'Read ../gws-shared/SKILL.md for auth, global flags, and security rules' — that asks the agent to read a file outside the skill's own directory (potentially containing sensitive config/credentials). While the command-run instructions themselves are narrow (invoke 'gws workflow +standup-report'), the cross-skill file read is scope creep and could expose or rely on secrets not declared here.
Install Mechanism
ok: This is an instruction-only skill with no install spec; it only requires the 'gws' binary to exist. That is low-risk from an installation perspective, provided 'gws' itself is trusted and properly installed.
Credentials
concern: No environment variables or primary credential are declared, yet the skill implicitly depends on authentication described in a separate 'gws-shared' SKILL.md. This omission is disproportionate: calendar/task access normally requires credentials, and those are not surfaced here.
Persistence & Privilege
note: The 'always' flag is false and the skill is not marked to auto-enable globally. It can be invoked autonomously (platform default), which is expected. The main concern is that it references external config (gws-shared) rather than requesting persistent privileges itself.