ClawHub

Gemini

v1.0.0

Gemini CLI for one-shot Q&A, summaries, and generation.

48· 28.8k·1.3k current·1.4k all-time
byPeter Steinberger@steipete
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (Gemini CLI for Q&A/summaries/generation) match the SKILL.md instructions which invoke a local 'gemini' binary. However the top-level registry metadata claims no required binaries or install spec, while SKILL.md's embedded metadata lists requires: ['gemini'] and a brew install for 'gemini-cli' — this mismatch is disproportionate and should be resolved.
Instruction Scope
Runtime instructions are narrowly scoped: they show example gemini commands, mention a login flow if auth is required, and warn against an unsafe flag (--yolo). The instructions do not request reading unrelated files, environment variables, or sending data to unexpected endpoints.
Install Mechanism
SKILL.md embeds a brew install (formula 'gemini-cli') which is a low-risk, common install method. The registry-level metadata, however, reported 'No install spec' — this inconsistency is notable. If you plan to install, verify the brew formula/tap and upstream project (check maintainers, tap URL, and release page) before installing.
Credentials
No environment variables, credentials, or config paths are requested, which is proportionate for a CLI wrapper that delegates auth to the CLI's interactive login flow.
Persistence & Privilege
Skill does not request always:true or any elevated persistence. It is user-invocable and can be invoked autonomously (platform default), which is expected for a functional skill.
What to consider before installing
This skill appears to be an instruction-only wrapper for a local 'gemini' CLI and is otherwise narrow in scope — but double-check before proceeding: - Confirm the discrepancy: the SKILL.md claims it needs the 'gemini' binary and offers a brew install ('gemini-cli'), yet the registry metadata lists no requirements. Ask the publisher to clarify or update metadata. - Only install the CLI from a trusted source. Inspect the brew formula (tap URL, maintainers, and source tarball) or install from an official release page (e.g., Google-backed project) and verify checksums. - If the CLI prompts you to authenticate, verify what account/provider is used and what tokens/permissions are granted. Prefer interactive auth flows over pasting secrets into a skill. - If you cannot verify the origin of the 'gemini' binary or brew formula, avoid installing it system-wide; consider running in an isolated environment (container or VM) first. If you want, I can: (a) summarize the metadata mismatch to share with the skill publisher, (b) help locate the official gemini-cli brew formula/source for verification, or (c) suggest safer alternatives if you prefer not to install additional software.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bzrf509nny5wnpzk3jxhmvs7yjywm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

♊️ Clawdis
Binsgemini

Install

Install Gemini CLI (brew)
Bins: gemini
brew install gemini-cli

Comments