Skill v1.0.0
ClawScan security
Lead Scorer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 3:28 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's stated purpose (scoring leads and writing to Google Sheets) is coherent, but there are metadata inconsistencies, a potentially risky Google Sheets behavior (making the sheet writable by anyone), and unclear handling of sensitive credentials.
- Guidance: This skill mostly does what it says (score audits and write to Google Sheets) but has some red flags you should address before installing:
  - Resolve the metadata mismatch: SKILL.md expects GOOGLE_SHEET_NAME and GOOGLE_CREDS_FILE but registry metadata lists none; confirm which env vars the runtime will actually need.
  - Do not give the skill a broad Google service-account file. Create a minimal service account with only the Drive/Sheets scopes required, and avoid using a project owner or broad credentials.
  - Remove or change spreadsheet.share(None, perm_type='anyone', role='writer'): making the sheet writable by anyone risks exposing and allowing modification of your lead data. Prefer sharing with a specific service account email or an internal group, or omit auto-sharing entirely.
  - Because this is instruction-only, ensure the runtime environment installs gspread and google-auth from official PyPI packages in a controlled environment.
  - Audit the rest of the (truncated) SKILL.md/code before use: the provided file was truncated, so there may be additional behavior not visible. If possible, ask the publisher for the full SKILL.md and confirm no other external endpoints or credential accesses are present.
  Given these issues, do not provide production credentials or sensitive data to this skill until the above items are addressed.
Review Dimensions
- Purpose & Capability (note): The skill's logic (applying a scoring rubric to an audit dict and writing results to Google Sheets) matches the name/description. However, the registry-level metadata earlier said no required env vars while SKILL.md both states the skill 'Requires GOOGLE_SHEET_NAME and GOOGLE_CREDS_FILE' and lists them as optionalEnv; that's an inconsistency the user should resolve before trusting the skill.
- Instruction Scope (concern): SKILL.md instructs the agent to read a Google service-account credentials file (via Credentials.from_service_account_file) and to create/open a spreadsheet. The code calls spreadsheet.share(None, perm_type='anyone', role='writer'), which makes the sheet publicly writable; this is unexpected for a lead-scoring tool and risks data exposure and tampering. The skill also accesses environment variables (GOOGLE_SHEET_NAME/GOOGLE_CREDS_FILE) that the registry metadata did not mark as required; the SKILL.md is the authoritative runtime instruction, but the mismatch is concerning. Some SKILL.md content is truncated in the provided file, so there may be additional instructions not visible.
- Install Mechanism (note): This is instruction-only (no install spec, no code files). SKILL.md declares Python packages (gspread, google-auth) as required, but no automated install step is provided. That is low risk from an automatic-install perspective, but operators must ensure the runtime environment has those packages installed from trusted sources.
- Credentials (concern): Requesting a Google service-account credential file and sheet name is proportional to the stated goal (writing to Google Sheets), but the credential is highly sensitive. The skill as written will require a service-account JSON on disk or an env var path; users must not supply broad-scope credentials. Also, the code's auto-sharing behavior elevates the sensitivity risk, because supplying credentials plus this code could make private lead data publicly writable.
- Persistence & Privilege (ok): The skill does not request always:true or any elevated platform privileges. It is user-invocable and allows autonomous invocation (platform default). It does not request persistent installation or modification of other skills in the provided content.
