Skill v1.0.12

ClawScan security

Persona Project Manager · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 31, 2026, 6:35 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions align with its stated project-management purpose, but it delegates access/credentials to external 'gws' utilities so you should verify those helper skills and permissions before enabling autonomous actions.
Guidance
This skill appears to do what it says: it orchestrates Google Workspace actions via a 'gws' CLI and helper skills. Before installing, verify the source/trustworthiness of the gws binary and the listed helper skills (gws-drive, gws-sheets, gws-calendar, gws-gmail, gws-chat) because those will hold the Google credentials and permissions needed to send email, schedule events, and modify Drive/Sheets. Prefer enabling dry-run or user-confirmation for write actions, review what OAuth scopes the helper skills request, and restrict autonomous invocation if you want to prevent the agent from sending emails or creating calendar events without explicit approval.

Review Dimensions

Purpose & Capability
ok
Name/description (project coordination: tasks, meetings, docs) match the instructions, which call a 'gws' CLI and Google-workspace-focused helper skills (gws-drive, gws-sheets, gws-calendar, gws-gmail, gws-chat). Requiring the 'gws' binary and those helper skills is coherent for this functionality.
Instruction Scope
ok
SKILL.md contains concrete, bounded instructions that call gws workflows and commands (upload, sheets append, calendar insert, gmail send). It does not instruct reading unrelated files or environment variables, nor does it attempt to exfiltrate data to unexpected endpoints. It recommends safe practices (dry-run).
Install Mechanism
ok
Instruction-only skill with no install spec and no code files — nothing is written to disk by this skill itself, which is the lowest-risk install model.
Credentials
note
The skill declares no required env vars or credentials itself and relies on the 'gws' binary and the listed helper skills to perform actions. This is plausible, but you should confirm those helper skills manage OAuth/service-account credentials appropriately; otherwise the skill would need access to Google credentials to send mail, modify calendars, and upload files.
Persistence & Privilege
note
always is false (good). The skill can be invoked autonomously (default), which is expected for an assistant that schedules meetings and sends email; however, that gives it the ability to perform potentially impactful actions (create calendar events, send emails). Consider requiring user confirmation or limiting scope if you don't want autonomous writes.