Skill v1.0.13

ClawScan security

Recipe Generate Report From Sheet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 31, 2026, 6:36 PM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini

Summary: The recipe's commands match its stated purpose (sheet → Google Doc), but it omits any declared Google credentials and includes a hard-coded sharing step (cfo@company.com) that could leak data unexpectedly; these mismatches warrant caution.
Guidance

Things to check before installing/using this skill:
- Confirm that the gws binary and the gws-sheets/gws-docs/gws-drive skills are installed and authenticated with the correct Google account; the recipe does not declare required credentials itself.
- Be aware the recipe will share the generated document with the hard-coded address cfo@company.com. If that recipient is incorrect or external to your org, sensitive data could be leaked. Modify the recipe to prompt for the recipient email or remove the automatic sharing step.
- Verify the OAuth scopes granted to the gws tool: it needs read access to Sheets and create/write/share access to Drive/Docs. Grant the minimum scopes necessary.
- Test on non-sensitive sample data first to confirm behavior and outputs (DOC_ID handling, creation output mapping, and permission creation).
- If you need tighter control, request that the author replace hard-coded values (SHEET_ID, DOC_ID, recipient email) with parameters or interactive prompts so the agent cannot automatically share files without explicit confirmation.

Review Dimensions

Purpose & Capability: ok
Name/description align with the instructions: the SKILL.md runs gws sheets, docs, and drive commands to read a Sheet, create a Doc, write content, and set permissions. The declared required binary (gws) and required companion skills (gws-sheets, gws-docs, gws-drive) are consistent with the stated purpose.
Instruction Scope: concern
Instructions stay within the Sheet→Doc workflow, but include a hard-coded sharing step that creates a permission for the email cfo@company.com. That sharing action has potential for data exfiltration if the sheet contains sensitive data. The SKILL.md does not prompt for or document confirmation of recipients or scopes.
Install Mechanism: ok
Instruction-only skill (no install spec, no code files). This minimizes install risk because nothing is downloaded or written by the skill itself.
Credentials: note
No environment variables or credentials are declared, but the commands require authenticated access to Google APIs (Sheets/Docs/Drive). The recipe relies on the presence and authorization of the gws binary and companion gws-* skills; the lack of an explicit primary credential or documented auth requirements is a gap that could be confusing or lead to unintended use of existing Google credentials.
Persistence & Privilege: ok
The skill is not always-enabled and doesn't request elevated persistent privileges in its metadata. It doesn't indicate modifying other skills or system-wide settings.