Skill v1.0.1

ClawScan security

Google Workspace CLI · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Feb 26, 2026, 7:03 PM
Verdict: Review
Confidence: high
Model: gpt-5-mini
Summary
The SKILL.md describes a legitimate Google Workspace CLI, but the registry metadata omits the binaries/env/configs the instructions require and the skill relies on an external npm package and 'embedded credentials' by default — this mismatch and the embedded-credentials behavior warrant caution.
Guidance
This skill appears to be a real CLI wrapper for Google Workspace, but there are two red flags you should consider before installing: (1) the registry metadata does not reflect the requirements the SKILL.md lists (it omits the 'gw' install, env vars, and token paths), and (2) the CLI defaults to using the package's embedded OAuth credentials unless you provide your own. Installing the npm package runs third-party code with your user privileges and will store OAuth tokens under ~/.11x/gworkspace/. Before proceeding: review the GitHub repository and the npm package contents (look at package.json and source), avoid using the embedded client by setting your own GOOGLE_CLIENT_ID/SECRET, or test in a disposable environment, and verify the registry metadata is corrected so automated permission checks are accurate.

Review Dimensions

Purpose & Capability
note: The listed purpose (Drive/Docs/Sheets access via a 'gw' CLI) matches the SKILL.md commands and workflows. However the registry metadata provided to the platform claims no required binaries, env vars, or config paths, while the SKILL.md explicitly requires the 'gw' CLI (npm package), optional OAuth client ID/secret env vars, and specific token/config file paths — an inconsistency between declared metadata and the runtime instructions.
Instruction Scope
note: The instructions are scoped to installing the CLI, authenticating via OAuth, and performing Drive/Docs/Sheets operations. They instruct the agent/user to run browser-based auth and reference a token file (~/.11x/gworkspace/token.json). They do not ask to read unrelated system files. One noteworthy item: SKILL.md states 'embedded credentials used by default' (i.e., the package's own OAuth client), which changes trust assumptions and should be explicitly called out before use.
Install Mechanism
note: Installation is via a global npm package ('npm i -g @11x.agency/gworkspace') referenced in SKILL.md. The registry has no formal install spec despite this instruction. A scoped npm package is a common distribution method but installing global npm packages executes third-party code with user privileges — review the package source (the GitHub repo is listed) before installing.
Credentials
concern: The SKILL.md declares optional env vars for GOOGLE_CLIENT_ID/GOOGLE_CLIENT_SECRET (and aliases), which are appropriate for OAuth. However the defaults rely on 'embedded credentials' owned by the package author — that means authentication will be performed through a third-party client unless the user supplies their own secrets. Token and config files are stored under ~/.11x/gworkspace/ and will contain sensitive tokens. Additionally, the platform-level metadata omits these env/config requirements, which is a transparency issue.
Persistence & Privilege
ok: The skill does not request always:true or other elevated platform privileges. It writes its own token/config under the user's home directory (expected for an OAuth CLI). There is no indication it modifies other skills or global agent settings.