Skill v0.1.0

ClawScan security

Gemini Google Search · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (scanned Apr 29, 2026, 3:26 AM)

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary

The skill does what its name says (uses the Gemini/Google Search grounding) but its metadata and instructions are inconsistent about required credentials and tools (1Password/op), which could lead to unexpected secret access or misconfiguration.

Guidance

This skill appears to implement Gemini/Google-backed search correctly, but the package metadata fails to declare the credentials and tools it actually needs. Before installing or running it:

1) Expect to provide GEMINI_API_KEY or GOOGLE_API_KEY, or permit a 1Password lookup; confirm the registry/author updates the metadata to list these explicitly.
2) If using 1Password non-interactively, inspect any secrets.env and ensure the contained service-account token has minimal scope; a service token could allow the skill to read other vault items.
3) Ensure the `op` CLI is installed and that you trust the vault/item names the script will access.
4) Be aware that queries are sent to Google/Gemini (billing/quota applies). If you have sensitive local search needs, prefer the documented local-web-search alternative.

If you want higher assurance, ask the author to: add the required env vars to the registry metadata, declare the dependency on the `op` binary, and document exactly which 1Password item/field is needed so you can limit vault access.

Review Dimensions

Purpose & Capability
Concern: The code and SKILL.md clearly implement Gemini/Google Search grounding via google-genai and require an API key, which matches the skill's stated purpose. However, the registry metadata declares no required environment variables or binaries, while the runtime actually requires GEMINI_API_KEY or GOOGLE_API_KEY (or a 1Password lookup) and implicitly expects the `op` CLI for 1Password access. That metadata omission is an incoherence that can mislead users about what secrets/tools are needed.

Instruction Scope
Concern: The SKILL.md and script limit runtime actions to obtaining an API key (env or 1Password), calling the Google GenAI SDK, and printing answers/sources. This stays within the stated search purpose. However, the instructions reference a workspace `secrets.env` providing a 1Password service-account token and recommend non-interactive 1Password access; that implies the skill may access vault items beyond a single declared item if misconfigured. The skill also expects and executes the `op` CLI via subprocess without declaring it in metadata.

Install Mechanism
OK: No remote downloads or obscure installers are used. The wrapper creates a local venv and installs the single dependency google-genai from PyPI (requirements.txt). This is proportional and uses standard tooling.

Credentials
Concern: The skill needs an API key (GEMINI_API_KEY or GOOGLE_API_KEY) or a 1Password item, but the registry lists no required env vars or primary credential — a mismatch. The SKILL.md's suggestion that `secrets.env` contains a 1Password service-account token is particularly sensitive: if present, it could let the skill (via `op`) access many vault items. The skill does not exfiltrate keys in its output, but requesting access to 1Password and relying on an unlisted service-account token is a significant privilege that should be declared and controlled.

Persistence & Privilege
OK: The skill is not always-enabled, does not request persistent system-wide changes, and only creates a venv under its own directory. It does not modify other skills or global agent config. Autonomous invocation is allowed by default (normal) but is not combined with other high-risk flags here.