Gemini Sub-Agent
Warn
Audited by ClawScan on May 10, 2026.
Overview
This is a mostly disclosed Gemini integration, but its recommended coding mode lets Gemini modify files and run shell commands without per-action approval.
Install only if you are comfortable trusting Google Gemini CLI and Google Cloud CLI on this machine. Treat the `-y` yolo coding mode as high risk: use it only in a sandbox or disposable project copy, and do not pipe secrets or sensitive documents into Gemini unless that is allowed for your data.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Gemini could change project files or run shell commands in the working directory without asking for each action, which can damage files, run unsafe commands, or make unintended changes.
The skill recommends an execution mode that removes per-action approval for file writes and shell commands by an external model-driven agent.
`GOOGLE_GENAI_USE_GCA=true gemini -m gemini-2.5-pro -y -p "write a script that..."` ... `-y` = yolo mode (auto-approves all file writes and shell commands). Gemini reads/writes files autonomously.
Avoid `-y` unless running in a disposable checkout, container, or tightly scoped directory; require manual review for file changes and commands whenever possible.
Installation trusts the current upstream Gemini CLI and Google Cloud CLI packages and may alter system package configuration or overwrite `/usr/local/bin/ask-gemini`.
The setup script installs upstream packages without pinned versions and modifies system-level locations; this is aligned with the stated setup but expands trust to those package sources.
`npm install -g @google/gemini-cli` ... `curl -fsSL https://packages.cloud.google.com/apt/doc/apt-key.gpg` ... `apt-get install -y google-cloud-cli` ... `WRAPPER_PATH="/usr/local/bin/ask-gemini"`
Review the script before running, install from trusted package sources, consider pinning versions, and run it only on machines where system-wide package changes are acceptable.
A machine with these cached credentials can continue using the linked Google account for this workflow until the credentials are revoked or removed.
The skill requires persistent Google OAuth/application-default credentials for the Gemini CLI, which is expected for this integration but grants ongoing delegated account access.
Complete Gemini CLI OAuth: `GOOGLE_GENAI_USE_GCA=true gemini -p "hello"` ... Credentials are cached indefinitely and auto-refresh.
Use a dedicated Google account or project if possible, understand the OAuth scopes, protect the host, and revoke/remove application-default credentials when no longer needed.
If you pipe private files, secrets, source code, or reports into `ask-gemini`, that content is sent to Google Gemini for processing.
The wrapper forwards the prompt and any piped stdin content to the Gemini CLI/provider, which is central to the skill but means selected local content leaves the local machine.
`STDIN_DATA=$(cat)` ... `FULL_PROMPT="${PROMPT:+$PROMPT$'\n'}$STDIN_DATA"` ... `exec gemini -m "${MODEL:-gemini-3.1-pro-preview}" -p "$FULL_PROMPT"`
Only send content you are allowed to share with Google Gemini, and avoid piping secrets or sensitive documents unless your privacy and compliance requirements allow it.
