Skill v1.0.12

ClawScan security

Persona Customer Support · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 31, 2026, 6:35 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's actions and requirements are consistent with a Google-Workspace-based customer support persona; it is an instruction-only wrapper that delegates work to gws and gws-* utility skills.
Guidance
This skill itself is an instruction-only persona that calls a 'gws' CLI and four gws-* helper skills to manage Gmail, Sheets, Chat, and Calendar. Before enabling:
1) Inspect the gws, gws-gmail, gws-sheets, gws-chat, and gws-calendar skills to see exactly what Google OAuth scopes and permissions they request (they will need access to your email, sheets, chat, and calendar).
2) Confirm you trust the publisher/source (no homepage or author metadata is provided).
3) Ensure the 'gws' binary is from a trusted origin and understand where it runs and logs actions.
4) If possible, test with a limited or service account that has only the minimum required access.
5) Monitor activity (audit logs) after enabling so you can revoke access if unexpected actions occur.

Review Dimensions

Purpose & Capability
ok: The name/description (manage support tickets, respond, escalate) matches the runtime instructions which invoke gws gmail/sheets/chat/calendar workflows. Requiring the 'gws' binary and the listed gws-* utility skills is proportionate for this purpose.
Instruction Scope
ok: SKILL.md only instructs using gws commands to triage email, convert emails to tasks, append sheets, post to chat, and insert calendar events. It does not instruct reading unrelated files, environment variables, or sending data to unexpected external endpoints.
Install Mechanism
ok: There is no install spec and no code files; this is instruction-only so nothing is written to disk by the skill itself. That minimizes installation risk.
Credentials
note: The skill declares no environment variables or credentials itself. However, it requires auxiliary gws-* skills which almost certainly need Google OAuth credentials and scopes (Gmail, Sheets, Chat, Calendar). Those delegated permissions are the real privilege surface — review the gws-* skills' required scopes before enabling.
Persistence & Privilege
ok: always:false and default autonomous invocation are used (normal). The skill does not request persistent system-wide changes or modify other skills' configs. Autonomous invocation combined with the delegated Google scopes is the main runtime risk and should be considered when enabling.