Google Cloud Platform

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is a straightforward Google Cloud CLI reference, but it can use your authenticated cloud account to make high-impact changes.

Install only if you want the agent to help operate Google Cloud resources through your local CLI. Use a limited account, confirm the active project before running commands, and require explicit approval for deployments, public access changes, VM restarts, storage syncs, or billing-related actions.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent runs commands under a highly privileged account, it may be able to list projects, read logs, manage storage, deploy services, and change production resources.

Why it was flagged

The skill expects the user to authenticate local Google Cloud and Firebase CLI sessions. This is necessary for the stated GCP-management purpose, but it delegates whatever cloud permissions the active account has.

Skill content

# Authenticate
gcloud auth login
...
firebase login

Recommendation

Use a least-privileged account or service identity, verify the active project and account before each task, and require explicit approval for production or public-facing changes.

What this means

A mistaken command could cause downtime, expose a service or bucket publicly, or overwrite cloud resources.

Why it was flagged

The skill documents raw cloud CLI commands that can interrupt VMs, deploy public services, and make storage buckets publicly readable. These actions fit the stated administration purpose but are high impact if executed accidentally.

Skill content

gcloud compute instances stop INSTANCE_NAME ...
gcloud compute instances reset INSTANCE_NAME ...
gcloud run deploy SERVICE_NAME ... --allow-unauthenticated
...
gsutil iam ch allUsers:objectViewer gs://BUCKET_NAME

Recommendation

Treat mutating commands as approval-required, double-check project/region/resource names, and prefer dry runs, previews, or staged environments where possible.

What this means

Installing or updating these tools affects the user's machine and shell environment, and compromised or incorrect sources could execute code locally.

Why it was flagged

The skill's setup instructions run a downloaded SDK installer and globally install an npm package. This is normal for the advertised tools, but it relies on external package provenance and modifies the local environment.

Skill content

curl -O https://dl.google.com/dl/cloudsdk/channels/rapid/downloads/google-cloud-cli-linux-x86_64.tar.gz
...
./google-cloud-sdk/install.sh --quiet --path-update true
...
npm install -g firebase-tools

Recommendation

Download from official sources, verify checksums or package provenance when possible, and avoid running global installers in sensitive environments without review.