Skillv1.0.12

ClawScan security

Persona It Admin · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 31, 2026, 6:35 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill's stated purpose (Workspace/IT admin) aligns with its instructions and declared requirements; it is an instruction-only persona that expects a gws CLI and related gws-* utility skills and does not request unrelated secrets or installs.
Guidance: This persona is coherent for Workspace administration, but before installing: 1) verify the source and integrity of the 'gws' CLI you will allow the agent to run; 2) inspect the gws-gmail/gws-drive/gws-calendar utility skills to see what credentials they require and grant only least-privilege service accounts; 3) prefer --dry-run for bulk operations and review audit logs after actions; and 4) avoid giving broad admin tokens to the agent unless you accept the operational risk of automated admin actions.

Review Dimensions

Purpose & Capability: okName and description match the declared requirements: the skill is an IT/admin persona and declares a dependency on a gws CLI and gws-gmail/gws-drive/gws-calendar utility skills — these are consistent with Google Workspace administration tasks.
Instruction Scope: okSKILL.md only instructs Workspace admin actions (run 'gws workflow +standup-report', monitor logins/audit logs, configure Drive sharing, use --dry-run, check 'gws auth status'). It does not request unrelated files, environment variables, or network endpoints beyond the expected gws commands. It implicitly relies on the utility skills and their credentials to perform actions.
Install Mechanism: okNo install spec and no code files (instruction-only), so nothing will be written to disk by the skill itself. This lowers installation risk. Note: the skill requires a 'gws' binary; verify the provenance of that CLI before using it.
Credentials: okThe skill declares no environment variables or credentials itself. Administrative access will instead depend on the gws CLI and the gws-* utility skills (which likely require credentials). That is proportionate, but those dependent skills/service accounts should be reviewed for least privilege.
Persistence & Privilege: okalways:false and no install behavior; the skill does not request permanent presence or modify other skills. The skill allows normal autonomous invocation (platform default) — users should be aware that an agent with Workspace admin credentials could perform actions autonomously if the agent is permitted to call the gws tools.