ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Google Search Console CLI

v1.0.0

Use this skill when working with this repository's `gsc` CLI, including Google Cloud OAuth client setup, CLI authentication, troubleshooting auth/config issu...

1· 400·0 current·0 all-time
byGregory Potemkin@nmadeleidev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the instructions: the doc is a how-to for the gsc CLI and Google OAuth setup. Minor metadata mismatch: the skill metadata declares no required binaries or env vars, but the SKILL.md clearly expects a Python environment, the 'gsc' command, and optionally pipx/virtualenv. This is plausible (instruction-only skill) but the registry metadata is incomplete.
Instruction Scope
Instructions stay within the stated scope: installing/using the gsc CLI, creating a Google OAuth desktop client, running gsc auth/login, and troubleshooting. The doc references only local config paths (~/.config/gsc-cli) and the Google Cloud Console; it does not instruct reading unrelated system files or exfiltrating secrets to third parties.
Install Mechanism
This is an instruction-only skill (no install spec). Install recommendations use pipx or pip from source — common for Python CLIs. No arbitrary download URLs or archive extraction are suggested within the skill text.
Credentials
The skill uses OAuth client JSON and stores credentials locally; it notes env overrides (GSC_CREDENTIALS_FILE, GSC_APP_CONFIG_FILE, GSC_CONFIG_DIR) which are appropriate for configuring a CLI. The skill does not request unrelated cloud credentials or wide-ranging environment secrets in its metadata.
Persistence & Privilege
Skill is not always-enabled and is user-invocable; it does not request elevated or persistent platform privileges. It documents that the CLI writes credential/config files under the user's config directory, which is expected behavior for a CLI that caches OAuth tokens.
Assessment
This skill appears to be a straightforward CLI guide for the local 'gsc' tool and Google OAuth setup. Before installing or following the instructions: 1) Confirm you intend to install the third-party pip package 'google-search-console-cli' from a source you trust (pipx pulls from PyPI by default). 2) Create and use OAuth credentials in a Google Cloud project you control, and keep the downloaded client_secret JSON private. 3) Prefer readonly scopes unless you need write actions. 4) Note the registry metadata omitted required binaries/envs — ensure you have Python, pipx or a virtualenv, and the 'gsc' command available. 5) Because the skill can be invoked by an agent, avoid supplying OAuth credentials to unknown agents; store secrets only in user-controlled locations (the default ~/.config/gsc-cli path or a path you set via env overrides).

Like a lobster shell, security has layers — review code before you run it.

latestvk976stzxctxfxc1hd46ecw0t3981xa3a

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments