Skillv1.0.12

ClawScan security

Persona Content Creator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 31, 2026, 6:35 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only persona that delegates Google Workspace actions to a local 'gws' CLI and related gws-* helper skills; its requirements and instructions are consistent with its stated purpose.
Guidance: This skill itself is just a set of instructions that use a local 'gws' CLI and helper skills to act on Google Workspace. Before installing or invoking it: (1) confirm you trust the 'gws' binary on your system (where it came from and what account/token it uses); (2) review the permissions/scopes that gws and the gws-* helper skills require (they will likely need Gmail/Drive/Docs/Chat scopes and can send emails or post in chat); (3) test in a limited account or sandbox to verify behavior (especially email sends/announcements) and avoid accidentally broadcasting drafts; and (4) note the small metadata/version mismatch in the SKILL.md — harmless but worth verifying the source.

Review Dimensions

Purpose & Capability: okName/description (content creation & distribution across Workspace) match the instructions and the declared runtime dependency on a 'gws' CLI plus gws-docs/gws-drive/gws-gmail/gws-chat/gws-slides helper skills. The required binary and helper skills are appropriate for Google Workspace integration. Minor note: SKILL.md metadata version (0.22.5) differs from registry version (1.0.12), which is likely a benign packaging/versioning mismatch.
Instruction Scope: noteAll runtime instructions are limited to using the 'gws' commands (docs, drive, gmail, chat, slides) to create, organize, and share content. The skill explicitly directs sending announcements and emails which will distribute content — this is coherent with its purpose but means the agent will perform potentially visible external actions (Chat posts, Gmail sends). It does not instruct reading arbitrary local files or environment variables.
Install Mechanism: okInstruction-only skill with no install spec and no code files — lowest risk from installation perspective. Nothing is downloaded or written by this skill itself.
Credentials: noteThe skill declares no env vars or credentials itself, which is coherent because it delegates to a local 'gws' binary and helper skills that likely manage authentication. Users should note that the gws CLI or the helper skills will need Google OAuth credentials/permissions to operate; those external permissions are proportional to the described functionality but should be reviewed before use.
Persistence & Privilege: okalways is false and the skill does not request persistent installation or modify other skills. It does not request elevated platform privileges; autonomous invocation is allowed by default but not exceptional here.