Skillv1.0.12

ClawScan security

Recipe Post Mortem Setup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

BenignMar 31, 2026, 6:37 PM

Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary: This instruction-only recipe is internally consistent with its stated purpose (creating a Google Doc, scheduling a Calendar event, and sending a Chat notification); it has low direct risk but it relies on the external 'gws' tooling and the referenced gws-* skills which will handle real Google credentials.
Guidance: This recipe is coherent and low-risk by itself, but it requires the 'gws' CLI and the gws-docs/gws-calendar/gws-chat companion skills to actually perform actions in your Google Workspace. Before installing or running it: 1) confirm you trust the 'gws' tool and the gws-* skills (review what Google OAuth scopes they request); 2) replace placeholder values (incident name, date/time, attendee emails, chat space) to avoid accidentally notifying the wrong recipients; 3) note the small version mismatch between SKILL.md and registry metadata (likely harmless but worth checking); and 4) if you need stricter safety, inspect or test the gws commands in a non-production account to confirm behavior.

Review Dimensions

Purpose & Capability: okName/description match the runtime instructions: the steps call gws docs, calendar, and chat to create a doc, insert a calendar event, and send a chat message. The declared required binary (gws) is exactly what the recipe uses. One minor inconsistency: SKILL.md metadata version (0.22.5) differs from registry version (1.0.12), which is likely a packaging/versioning mismatch but does not affect functionality.
Instruction Scope: okInstructions are narrowly scoped to the stated task and only reference gws commands to create a doc, schedule a meeting, and post a chat message. Commands include example placeholders (incident, date/time, team@company.com, spaces/ENG_SPACE) that will be sent as-is if not replaced; the recipe does not instruct the agent to read unrelated files, system paths, or environment variables.
Install Mechanism: okNo install spec and no code files — instruction-only. This keeps on-disk risk minimal. The recipe assumes the existing 'gws' binary and the gws-* companion skills are available; it does not download or install software itself.
Credentials: noteThe skill itself requests no env vars or credentials, which is proportional. However, it depends on external skills (gws-docs, gws-calendar, gws-chat) and the 'gws' tool; those components will almost certainly require Google Workspace credentials and OAuth scopes to operate. Verify the auth/scopes and trustworthiness of those gws-* skills before use.
Persistence & Privilege: okalways is false and the skill is user-invocable only. It does not request persistent presence or attempt to modify other skills or global agent settings.