Skill v1.0.12

ClawScan security

Recipe Create Vacation Responder · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 31, 2026, 6:36 PM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions and declared requirements line up with its stated purpose (enabling a Gmail vacation responder), but it assumes an already-installed/authenticated gws CLI and has minor metadata omissions you should be aware of.
Guidance
This recipe is coherent for enabling a Gmail vacation responder, but before installing or invoking it: (1) Verify the 'gws' CLI on your system is the legitimate tool you expect and check how it is authenticated (OAuth token, gcloud, service account), because the recipe will run gws commands that modify your account settings. (2) Confirm which account 'gws' will act as (the recipe uses 'me') so you don't accidentally change a different account or a privileged/admin account. (3) Be aware the skill is instruction-only and won't install anything itself — if 'gws' is missing you'll need to install it from a trusted source. (4) Note the SKILL.md metadata version (0.22.5) differs from the registry version (1.0.12); this is likely benign but worth checking with the skill author if you need provenance. If you are comfortable with the CLI and credentials, the skill is proportionate to its purpose; otherwise do not grant the agent autonomous runs that could change your Gmail settings without review.

Review Dimensions

Purpose & Capability
ok: Name/description match the runtime instructions: the SKILL.md shows gws gmail users settings updateVacation/getVacation which is exactly what an OOO responder recipe would do. The declared required binary (gws) and required skill (gws-gmail) are appropriate.
Instruction Scope
note: Instructions are narrowly scoped to enabling/disabling Gmail vacation responder for the authenticated user ('me'). They do not instruct reading unrelated files or exfiltrating data. However, they will execute gws CLI commands that change account settings; the SKILL.md does not describe authentication or consent steps.
Install Mechanism
ok: Instruction-only skill with no install spec, so nothing is downloaded or written by the skill itself. The risk surface depends on the existing 'gws' binary on the host (not supplied by this skill).
Credentials
note: The skill declares no env vars or config paths, but the gws CLI will use existing local credentials/config (OAuth or service account) on the host. The skill does not explicitly document this dependency; ensure you understand which account/credentials gws will use before running.
Persistence & Privilege
ok: always:false and no install actions; autonomous invocation is allowed (platform default). This means an agent could run the commands autonomously, which is expected behavior but you should be comfortable with the agent having the ability to change your Gmail settings.