Skill v1.1.1

ClawScan security

Google Sheets Agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 7, 2026, 5:46 PM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill largely does what it says (service-account access to Google Sheets) but has inconsistencies and a few unexpected behaviors you should review before installing.
Guidance
This script appears to implement service-account access to Google Sheets as claimed, but exercise caution: it requires a Google service-account JSON key (sensitive) even though the registry metadata does not declare it. The code will try three key sources: GOOGLE_SA_KEY_JSON, GOOGLE_SA_KEY_FILE, or running the 1Password CLI (op). Note the script calls op with a hard-coded vault name (--vault AbundanceM) which is not documented — this looks like an author-specific artifact and may cause failures or unexpected behavior. Before installing: (1) verify the script source and consider running it locally to inspect it; (2) create a dedicated, least-privileged Google service account scoped only to the sheets/drive resources you need; (3) avoid reusing high-privilege keys and consider using GOOGLE_SA_KEY_FILE/GLOBAL env instead of storing keys in third-party vault access invoked by the skill; (4) if you rely on 1Password, either update the script to reference your vault or remove the 1Password fallback; (5) confirm you trust the publisher — the metadata mismatch (no declared envs) and the hard-coded vault make this skill worth manual review before granting access to any sensitive credentials.

Review Dimensions

Purpose & Capability
note: Name/description match the actual code: the script implements JWT service-account auth and Sheets/Drive API calls without external deps. However, registry metadata claims 'required env vars: none' and 'primary credential: none' while the code expects a service account key (via GOOGLE_SA_KEY_JSON, GOOGLE_SA_KEY_FILE, or 1Password). This metadata omission is an inconsistency.
Instruction Scope
concern: SKILL.md and the script instruct the agent to load a service-account key from an env var, a local file, or by invoking the 1Password CLI. The script runs a child_process exec: op document get "Google Service Account - sheets-reader" --vault AbundanceM. That external command call and the hard-coded vault name are noteworthy: they will fail unless the user has op configured and that vault exists, and the vault name is not documented in SKILL.md. The script otherwise only contacts Google OAuth/token and Sheets/Drive APIs (expected).
Install Mechanism
ok: Instruction-only skill with an included Node.js script; no install spec and no downloads. No archives or third-party package installs, so install risk is low.
Credentials
concern: The skill requires a Google service account key (sensitive) but the registry lists no required env or primary credential. The code supports GOOGLE_SA_KEY_JSON and GOOGLE_SA_KEY_FILE but these were not declared. It also relies on the 1Password CLI as a fallback and calls it with a hard-coded vault name ('AbundanceM'), which is not justified in the SKILL.md. Requesting the service account key is expected for the stated purpose, but the metadata omission and hard-coded 1Password vault are disproportionate/opaque.
Persistence & Privilege
ok: The 'always' flag is false and the skill does not request persistent system privileges or modify other skills. It caches tokens in memory only and does not write files to disk.