v1.0.0

Google Cloud

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:31 AM.

Analysis

This is an instruction-only Google Cloud guidance skill; the main thing to notice is that it expects the gcloud CLI, which can use the user's configured GCP account.

GuidanceThis skill appears benign and mainly provides Google Cloud best-practice guidance. Before using it for real deployments or management tasks, make sure the gcloud account in your environment has only the permissions needed for the task and review any proposed GCP changes before they are run.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

SKILL.md

description: Deploy, monitor, and manage GCP services with battle-tested patterns. ... "requires":{"anyBins":["gcloud"]}

The skill is for Google Cloud administration and declares the gcloud CLI as its required tool. That is purpose-aligned, but gcloud commonly acts with the user's configured cloud identity and permissions.

User impactIf the agent later uses gcloud during a GCP task, actions could affect the user's real Google Cloud projects according to that account's permissions.

RecommendationUse least-privilege GCP accounts or service accounts, review proposed cloud changes before approving them, and avoid using broad Owner or Editor credentials for routine tasks.