Skillv1.0.12

ClawScan security

Persona Hr Coordinator · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 31, 2026, 6:35 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's declared dependencies and runtime instructions are coherent with an HR persona: it delegates mailbox, calendar, Drive, and Chat operations to Google Workspace helper skills and requests no unrelated credentials or invasive access.
Guidance: This skill appears to do what it says and is instruction-only, but check two things before installing: (1) confirm the origin and integrity of the required 'gws' CLI on your system (the skill doesn't install it or provide a source), and (2) review the OAuth scopes and credentials granted to the required helper skills (gws-gmail, gws-calendar, gws-drive, gws-chat) so they have only the minimum access needed for HR tasks. Because the skill handles PII and bulk email operations, test it with a limited or sandbox account first and ensure you use the recommended '--sanitize' option for sensitive data.

Review Dimensions

Purpose & Capability: okName/description (HR workflows — onboarding, announcements, employee comms) match the declared runtime requirements: a 'gws' binary and helper skills gws-gmail, gws-calendar, gws-drive, and gws-chat. Those dependencies are appropriate for the stated functionality and no unrelated services or credentials are requested.
Instruction Scope: okSKILL.md instructs only HR-relevant actions (create calendar events, upload onboarding docs, announce in Chat, convert emails to tasks, send bulk announcements). It does not ask the agent to read unrelated files, search system state, or exfiltrate data to unknown endpoints. The tip to use '--sanitize' for PII is appropriate.
Install Mechanism: noteThis is an instruction-only skill (no install spec, no code files), which minimizes risk. One caveat: it requires a 'gws' binary be present; the skill does not provide an install or origin for that binary. Verify the source/trustworthiness of the 'gws' CLI you provide to the agent.
Credentials: noteThe skill itself does not request environment variables or credentials, which is proportional. However, it explicitly depends on Google Workspace helper skills that will require OAuth tokens/credentials with access to mail, calendar, Drive, and Chat. Before use, confirm those helper skills are configured with least-privilege scopes and that tokens are managed securely.
Persistence & Privilege: okNo elevated persistence requested (always:false). The skill does not attempt to modify other skills or system-wide agent settings. It remains user-invocable and can be called autonomously by the agent as is normal for skills.