Skill v1.0.0
ClawScan security
PMS Task · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 3, 2026, 5:24 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions would interact with a specific GitHub repo and Google Sheets but the package metadata does not declare the required CLI tools or credentials, creating an incoherent and potentially risky mismatch.
- Guidance: This skill will run gh and gog CLI commands that create GitHub issues and edit two specific Google Sheets. Before installing, confirm: (1) you or the agent will have authenticated GitHub CLI and Google Sheets CLI access — the skill does not declare or request credentials explicitly; (2) you are OK with the skill creating issues in repo roshanasingh4/apni-pathshala-pms and assigning them to user roshanasingh4; (3) you trust updates to the two Sheet IDs listed (verify the IDs correspond to the intended documents); (4) test in a sandbox account/repo or with read-only access if possible. Ask the publisher to update the skill metadata to declare required binaries (gh, gog, jq) and the credential expectations, and to remove or parameterize hard-coded assignees and emails. These changes would reduce ambiguity and raise confidence.
Review Dimensions
- Purpose & Capability (concern): SKILL.md's stated purpose is to create GitHub issues and update Google Sheets. The runtime instructions call out the GitHub CLI (gh) and a 'gog' CLI for Sheets and reference a specific repo (roshanasingh4/apni-pathshala-pms), two Google Sheet IDs, hard-coded assignees and reporter email. However, the skill metadata declares no required binaries, no required environment variables, and no primary credential — a mismatch: creating issues and editing Sheets requires authenticated CLI access, so the declared requirements are incomplete and inconsistent with the actual actions.
- Instruction Scope (concern): The instructions explicitly tell the agent to run commands that will create issues in a specific GitHub repo and mutate two specific Google Sheets. They also instruct it to parse sheet contents (to increment task IDs) and to append/update cells. While these actions fit the described purpose, the instructions assume pre-existing authenticated CLIs and hard-code external resource identifiers and assignees, which expands the skill's effective privileges without declaring them. There is no step to prompt the user to confirm credentials or ownership of the target repo/sheets before making changes.
- Install Mechanism (ok): This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written to disk by the skill bundle itself. That lowers installation risk compared to pull-and-execute installers.
- Credentials (concern): The workflow requires access to GitHub (gh) and Google Sheets (gog) credentials or authenticated CLI sessions, but the skill declares no env vars or primary credential. It also hard-codes a repository, sheet IDs, an assignee (roshanasingh4) and an assigned email (tarasinghrajput7261@gmail.com) — these are external account targets that the user may not intend to grant access to. The lack of declared credential requirements is disproportionate and unclear.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request to modify other skills or system-wide agent settings. Autonomous invocation is allowed (platform default) but there is no indication of additional persistent privileges in the bundle itself.
