Skill v1.0.0

ClawScan security

gspread-sheets · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Apr 30, 2026, 8:16 AM)
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions match its stated purpose (batch Google Sheets operations), but the runtime docs require a sensitive Google service-account JSON (via env or file) while the registry metadata declares no required credentials — this mismatch and the unknown source warrant caution.
Guidance
This skill appears to do what it says (gspread-based batch Sheets operations), but it expects a Google service-account JSON (sensitive private key) even though the registry metadata doesn't declare any required credentials; treat that as a red flag. Before installing:
- Verify the skill publisher and source (homepage/source unknown here). Prefer skills with a verifiable repository or homepage.
- Never paste long-lived service-account JSON into an untrusted UI. Prefer providing a file path to a securely stored key, or use short-lived credentials/workload identity if available.
- Limit the service account's permissions: grant only the minimum IAM roles and share only the specific spreadsheets with the service account email (don't grant broad Drive access). Review the SCOPES used (they request both spreadsheets and drive). If you can, remove or narrow the Drive scope.
- Rotate the key regularly and monitor for unexpected access from the service account.
- Request that the publisher update the registry metadata to declare the required env var (GOOGLE_SERVICE_ACCOUNT_JSON or equivalent) and document provenance.
If you cannot verify the publisher, do not provide production credentials. If the skill had declared the env requirement and a verifiable source, this would be closer to benign; the missing metadata plus the unknown source is why this is suspicious.

Review Dimensions

Purpose & Capability
concern: The SKILL.md describes exactly the expected capabilities for a gspread-based Sheets helper (read/write/batch/worksheet management). However, the skill metadata lists no required environment variables or credentials while the instructions explicitly require a Google service-account JSON (and suggest exporting GOOGLE_SERVICE_ACCOUNT_JSON). That metadata/instruction mismatch is an incoherence the publisher should justify.
Instruction Scope
note: The runtime instructions are focused on Google Sheets operations and do not ask the agent to read unrelated system files or exfiltrate data. They do instruct the agent/user code to read a service-account JSON from a path or the environment variable GOOGLE_SERVICE_ACCOUNT_JSON, which is necessary for the stated purpose but is not declared in the registry metadata.
Install Mechanism
ok: This is instruction-only (no install spec or code files). It only recommends pip-installing public packages (gspread, google-auth), which is proportionate and expected.
Credentials
concern: The skill requires a Google service-account key (private key material) to function. That is a sensitive credential but is proportionate to the task. The concern: the registry metadata does not declare this required secret (primaryEnv missing), and the recommended OAuth scopes include both spreadsheets and Drive; Drive scope can broaden access. The skill will need access to the JSON file or env var containing the private key; users should treat that as high-sensitivity.
Persistence & Privilege
ok: The skill does not request persistent inclusion (always:false) and has no install steps that modify other skills or system-wide settings. Autonomous invocation is allowed (platform default) but is not combined with other elevated privileges here.