ClawHub
Back to skill
v0.84.0

agent-bom discover gcp

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 1:54 AM.

Analysis

This appears to be a disclosed, read-only GCP inventory skill, but users should use scoped GCP credentials and install the referenced agent-bom tool only from a trusted source.

GuidanceBefore installing, confirm you trust the agent-bom source, use a read-only scoped GCP credential for only the intended project, choose the inventory output path yourself, and review the generated JSON before scanning or sharing it.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceMediumStatusNote
SKILL.md
Requires Python 3.11+, agent-bom installed from this repository or PyPI

The skill is instruction-only and relies on an external agent-bom package/helper for execution. That is aligned with the purpose, but the reviewed artifact does not pin a package hash or include the helper code.

User impactInstalling or running the wrong package version could affect what code handles local GCP credentials and inventory output.
RecommendationInstall agent-bom from the stated official repository or PyPI page, verify the version, and avoid running lookalike packages or untrusted forks.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityMediumConfidenceHighStatusNote
SKILL.md
file_reads:
  - "~/.config/gcloud/application_default_credentials.json"
  - "~/.config/gcloud/credentials.db"
  - "operator-selected service account JSON when GOOGLE_APPLICATION_CREDENTIALS is set"

The skill may use local GCP credential/profile files to authenticate discovery. This is expected for GCP inventory and the skill says to use read-only credentials, but those credentials can expose all resources within their granted scope.

User impactIf the selected GCP credential is broad, the skill may inventory more projects or resources than the user intended.
RecommendationUse short-lived or read-only scoped credentials for only the approved project(s), avoid broad admin credentials, and do not paste service account keys or tokens into chat.