Skill v1.0.12

ClawScan security

Gws Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 6:35 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill mostly just wraps a gws CLI (which fits the stated purpose) but omits any declared authentication or configuration requirements and directs the agent to read or generate a shared SKILL.md for auth — a mismatch that could hide sensitive credential or file operations.
Guidance
This skill appears to be a thin wrapper around a 'gws' CLI which is reasonable for Google Workflow tasks, but it defers authentication and security rules to a separate ../gws-shared/SKILL.md that is not included or declared. Before installing or enabling this skill: 1) Inspect the referenced ../gws-shared/SKILL.md to see exactly what credentials, files, or config it reads/creates and where (tokens, OAuth creds, config files). 2) Verify the provenance and behavior of the 'gws' CLI you will run (is it an official Google-provided tool or third-party?). 3) If the shared SKILL would create credentials/config via `gws generate-skills`, review what that generator writes and its permissions. 4) Avoid enabling the skill until you confirm which Google credentials are required and that they are limited to the minimum scopes needed. The missing declaration of authentication/config requirements is the main coherence gap here.

Review Dimensions

Purpose & Capability
note: Name/description (Google Workflow cross-service workflows) align with requiring a 'gws' CLI binary. Requesting the gws executable is plausible and proportionate. However, the skill refers to a ../gws-shared/SKILL.md for auth and security rules but does not declare any credentials or config paths itself — this is an implicit dependency that is not represented in the metadata.
Instruction Scope
concern: SKILL.md instructs the agent to read a sibling shared SKILL.md for auth and to run `gws generate-skills` if missing. That directs the agent to read/write files outside this skill's folder and to execute a generator command that may create configuration or credentials. The instructions themselves do not enumerate what auth or files will be accessed/created, giving the skill broad, implicit scope beyond the declared single binary requirement.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no bundled code — low surface area. It relies on an external 'gws' binary being present; no downloads or extracts are requested by the skill itself.
Credentials
concern: No environment variables or primary credential are declared, yet the skill explicitly defers auth and security rules to a separate ../gws-shared/SKILL.md. That suggests this skill will rely on credentials or config provided elsewhere (likely Google Workspace credentials or tokens), but those are not declared here, creating an incomplete and potentially misleading permission picture.
Persistence & Privilege
ok: `always` is false and there is no install script or code that requests persistent presence or modifies other skills. The main persistence risk arises indirectly from the referenced generator (`gws generate-skills`) which could create files/configs, but that action is not defined in this SKILL.md.