Skill flagged: suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Gemini Sub-Agent
v1.0.0
Use Google Gemini as a free sub-agent via a Google One / Gemini Advanced subscription (no API key or API credits needed). Use when: (1) delegating tasks that...
License: MIT-0. Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)

Purpose & Capability
The skill's description matches its behavior (wrapping the Gemini CLI as a sub-agent). However, the declared metadata lists no required binaries or environment variables, while the included setup.sh requires Node.js 18+, the gemini CLI (npm package @google/gemini-cli) and gcloud: a clear mismatch between the claimed requirements and the actual ones.
Instruction Scope
SKILL.md explicitly instructs the user to install system-level packages and to perform OAuth flows that create long-lived Application Default Credentials (ADC). It also recommends agentic coding with gemini -y, which auto-approves file writes and shell commands and so grants the CLI permission to read and write arbitrary files. This is coherent with "agentic coding", but it expands the skill's authority to the host filesystem and can be unsafe if run on sensitive systems.
Install Mechanism
Installation is via the provided scripts: a global npm install of @google/gemini-cli, plus adding Google's APT repository and running apt-get install google-cloud-cli. The sources used (the npm package and packages.cloud.google.com) are official rather than arbitrary URLs, but the script writes to system paths (/usr/local/bin, /etc/apt/...) and will require elevated privileges to succeed. The manifest has no separate install specification even though it ships a setup script.
Credentials
No unrelated credentials are requested in the metadata. The skill relies on Google Application Default Credentials (ADC) created by the gcloud auth flow; the credentials are stored in $HOME/.config/gcloud/application_default_credentials.json and are described as "cached indefinitely". This is expected when using a Google-subscribed CLI, but it is high-impact: if the scopes are not limited, those tokens may grant broad access to the authenticated Google account or project.
Persistence & Privilege
The manifest field always is false and the skill is user-invocable (normal). The setup script installs a wrapper to /usr/local/bin and configures system apt sources; it therefore requests system-level persistence and requires root to install globally. It does not modify other skills' configs. The combination of a global install and long-lived credentials increases the blast radius if the skill is run on shared or production hosts.
What to consider before installing
Before installing:
(1) Expect to need Node.js 18+ and root privileges. The manifest does not declare these, but setup.sh requires them.
(2) The script adds Google's apt repo, globally installs the gemini CLI via npm and writes /usr/local/bin/ask-gemini. Run it only on a throwaway VM or container, not on a production server.
(3) The authentication flow creates long-lived ADC tokens at $HOME/.config/gcloud/application_default_credentials.json. Consider using a dedicated Google account with minimal scopes, and inspect the scopes granted during the OAuth flow.
(4) Be cautious with agentic usage: gemini -y auto-approves file writes and commands, so it can modify arbitrary files. If you need the capability, prefer sandboxing (container/VM), review the wrapper script, and do not run it where secrets or sensitive data reside.
(5) If uncertain, ask the skill author for: an updated manifest declaring the required binaries and privileges, the exact OAuth scopes used, and guidance for a least-privilege installation (a containerized option).

Like a lobster shell, security has layers — review code before you run it.
Version: latest (vk970kcbqzf00474j2mja3fp2wh822crq)
