Back to skill

Security audit

Gws Cloudidentity

Security checks across malware telemetry and agentic risk

Overview

This skill needs review because it is described as group management but exposes broader Google admin actions, including device wipes and SSO changes.

Install only if you intend to grant a Google Workspace or Cloud Identity admin-capable agent broad administrative authority. Verify the `gws` binary and generated `gws-shared` instructions first, use the least-privileged Google admin account possible, and require explicit human confirmation before any wipe, delete, SSO, policy, or security-setting operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill manifest says it only manages identity groups and memberships, but the documented command surface also includes device wipe/delete operations, SSO profile and assignment management, user invitations, and policy access. This scope mismatch can mislead users or higher-level agents into invoking far more sensitive administrative actions than expected, increasing the chance of accidental destructive or privilege-affecting operations.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill enumerates destructive and security-sensitive actions such as device wipe, device delete, group delete, and SSO configuration changes without any inline warning, confirmation guidance, or mention of operational impact. In an agent-driven context, this omission makes unsafe execution more likely because the documentation presents high-risk actions as routine commands without safeguards or cautionary framing.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.