Google Docs Skill

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.exposed_secret_literal


This is an artifact-based, informational review of SKILL.md, the skill's metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes, so everything below is derived from what the artifacts declare, not from observed behaviour.

What this means

Anyone, or any agent, holding these tokens could exercise the granted Google Docs API permissions until the refresh token is revoked. The values quoted from SKILL.md are placeholders; the exposure becomes real as soon as they are replaced with working credentials and the file is committed, shared, or pasted into a chat.

Why it was flagged

The skill requires Google OAuth credentials, including a refresh token. This is expected for Google Docs integration, but it grants delegated account access and is not reflected in the registry credential metadata.

Skill content
export GOOGLE_CLIENT_SECRET="your-client-secret"
export GOOGLE_REFRESH_TOKEN="your-refresh-token"

Recommendation

Use a dedicated OAuth client (its own client ID and secret, not one shared with other tools) if possible, keep the client secret and refresh token out of chat transcripts and logs, store them only in a secure local environment (a secrets manager or a file with restricted permissions, never SKILL.md itself), and revoke the refresh token when it is no longer needed.
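The following is an added example, not code from the skill or from ClawScan, showing two sides of this recommendation in one place: a check in the spirit of the scanner's exposed-secret rule that tells the placeholder values shown above apart from a real credential committed to a file, and a loader that refuses placeholders and only ever logs a redacted form. The environment variable names come from the skill's SKILL.md; the `export` line pattern and the placeholder heuristic are assumptions of this example.

```python
import os
import re

# Environment variables the skill's SKILL.md tells the user to export (from the page).
SECRET_ENV_NAMES = ("GOOGLE_CLIENT_SECRET", "GOOGLE_REFRESH_TOKEN")

# Assumed heuristics for this example: `export NAME="value"` lines, and values that are
# documentation filler rather than a working credential.
EXPORT_RE = re.compile(r'^\s*export\s+([A-Z0-9_]+)\s*=\s*["\']?([^"\']*)["\']?\s*$')
PLACEHOLDER_RE = re.compile(r"^(your[-_ ]|example|changeme|placeholder|<|\$\{)", re.IGNORECASE)


def classify_export_lines(text):
    """Return (name, status) for every export line that names one of the secrets.

    status is "placeholder" for filler such as "your-client-secret" and "literal"
    for anything that could be a working credential committed to the file.
    """
    findings = []
    for line in text.splitlines():
        m = EXPORT_RE.match(line)
        if not m or m.group(1) not in SECRET_ENV_NAMES:
            continue
        name, value = m.group(1), m.group(2)
        status = "placeholder" if (not value or PLACEHOLDER_RE.match(value)) else "literal"
        findings.append((name, status))
    return findings


def redact(value, keep=4):
    """Render a secret for logs or chat: a short prefix and the length, nothing else."""
    if not value:
        return "<empty>"
    return f"{value[:keep]}...({len(value)} chars)"


def check_env(env):
    """Names of required secrets that are unset or still carry a placeholder value."""
    return [n for n in SECRET_ENV_NAMES
            if not env.get(n) or PLACEHOLDER_RE.match(env.get(n, ""))]


def load_credentials(env=None):
    """Read the OAuth settings from the environment, refusing placeholders outright."""
    env = os.environ if env is None else env
    problems = check_env(env)
    if problems:
        raise ValueError("unset or placeholder credentials: " + ", ".join(problems))
    # Only the redacted form is ever printed; raw values stay in memory.
    for name in SECRET_ENV_NAMES:
        print(f"{name}={redact(env[name])}")
    return {name: env[name] for name in SECRET_ENV_NAMES}


if __name__ == "__main__":
    # Constructed sample resembling the quoted SKILL.md lines, with one value filled in.
    sample = (
        'export GOOGLE_CLIENT_SECRET="your-client-secret"\n'
        'export GOOGLE_REFRESH_TOKEN="1//0gXYZabc123"\n'
    )
    print(classify_export_lines(sample))
```

Running `classify_export_lines` over a SKILL.md before publishing it turns the scanner's generic "exposed secret literal" signal into a yes/no answer: a "literal" result means a working credential is sitting in the file and must be rotated, not merely deleted.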

What this means

Mistaken or overly broad instructions could modify the wrong Google document or insert unintended content. A batchUpdate call is applied as soon as the API accepts it; there is no confirmation step on the server side.

Why it was flagged

The skill documents direct Google Docs batchUpdate calls, which can change document content. This matches the stated purpose but is a mutating account action.

Skill content
f'https://docs.googleapis.com/v1/documents/{doc_id}:batchUpdate',
    data=data,
    method='POST'

Recommendation

Confirm the target document ID and the exact set of requested edits before running an update, keep each call to a small, reviewable number of requests, and prefer changes that can be undone (an insertion that can be deleted again rather than a bulk replacement).
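The following is an added example, not the skill's own code, of the guard rail this recommendation describes: validate the document ID, render a one-line summary of every request so a human (or a policy hook) can confirm the edit, cap the size of one call, and only then build the `batchUpdate` request in the same `urllib` style the skill uses. The document-ID pattern, the `confirm` hook, and the bearer-token header are assumptions of this example.

```python
import json
import re
import urllib.request

DOCS_API = "https://docs.googleapis.com/v1/documents/"
# Assumed shape of a Google Docs document ID (URL-safe characters, reasonably long);
# it rejects paths, URLs and empty strings, which is what matters for this check.
DOC_ID_RE = re.compile(r"^[A-Za-z0-9_-]{20,}$")


def is_doc_id(doc_id):
    return bool(DOC_ID_RE.match(doc_id))


def summarize_requests(requests):
    """One line per batchUpdate request so the caller can confirm before sending."""
    lines = []
    for i, req in enumerate(requests):
        if len(req) != 1:
            raise ValueError(f"request {i} must contain exactly one operation")
        (kind, body), = req.items()
        if kind == "insertText":
            text = body.get("text", "")
            index = body.get("location", {}).get("index", "?")
            lines.append(f"{i}: insertText {len(text)} chars at index {index}")
        elif kind == "deleteContentRange":
            rng = body.get("range", {})
            lines.append(f"{i}: deleteContentRange {rng.get('startIndex')}-{rng.get('endIndex')} (destructive)")
        else:
            lines.append(f"{i}: {kind} (unrecognised operation, review carefully)")
    return lines


def build_batch_update(doc_id, requests, token, confirm=None, max_requests=20):
    """Build the POST only after validation and an explicit confirmation.

    `confirm` receives the summary lines and returns True to proceed; an
    interactive setup would prompt the user here. None means "no hook", and
    the call proceeds after the checks.
    """
    if not is_doc_id(doc_id):
        raise ValueError(f"refusing to update: {doc_id!r} is not a document ID")
    if len(requests) > max_requests:
        raise ValueError(f"{len(requests)} requests exceeds {max_requests}; split the change")
    summary = summarize_requests(requests)
    if confirm is not None and not confirm(summary):
        raise RuntimeError("update not confirmed")
    data = json.dumps({"requests": requests}).encode()
    return urllib.request.Request(
        f"{DOCS_API}{doc_id}:batchUpdate",
        data=data,
        method="POST",
        headers={"Authorization": f"Bearer {token}",
                 "Content-Type": "application/json"},
    )


if __name__ == "__main__":
    # Constructed sample: one small, reversible insertion.
    edits = [{"insertText": {"location": {"index": 1}, "text": "hello"}}]
    req = build_batch_update("a" * 44, edits, "ya29.example-token",
                             confirm=lambda s: print("\n".join(s)) or True)
    print(req.full_url, req.get_method())
    # urllib.request.urlopen(req) would send it; not done here.
```

The summary makes destructive operations visible before anything is sent, and the request cap keeps each call small enough that a wrong edit is cheap to reverse by hand.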

What this means

Running copied setup code locally can expose the OAuth authorization code or the resulting tokens if the snippet has been modified (for example, to send them to a non-Google endpoint) or is executed in an untrusted environment.

Why it was flagged

The one-time OAuth setup uses a local Python script that opens a browser and listens on localhost to capture the authorization code. This is standard OAuth plumbing and user-directed, not automatic installation behavior.

Skill content
webbrowser.open(auth_url) ... server = HTTPServer(('localhost', 8080), OAuthHandler)

Recommendation

Review the setup snippet before running it, run it only on a trusted machine, confirm that the authorization and token endpoints are Google's official ones (accounts.google.com and oauth2.googleapis.com over HTTPS), keep the listener bound to localhost, and check that the state value in the callback matches the one sent in the authorization URL so that a stray request to port 8080 cannot inject a code.
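The following is an added example, not the skill's setup script, of the same loopback flow written with the checks above built in: the authorization URL is built only for Google's published endpoint, a random `state` ties the callback to this login attempt, the loopback handler rejects any request whose `state` does not match, and nothing about the callback is written to the console. The listener address (`localhost`, port 8080) follows the skill's snippet; the scope string and the client ID are assumptions.

```python
import secrets
import urllib.parse
import webbrowser
from http.server import BaseHTTPRequestHandler, HTTPServer

# Google's published OAuth 2.0 endpoints; anything else is refused.
GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
GOOGLE_TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
ALLOWED_ENDPOINTS = {GOOGLE_AUTH_ENDPOINT, GOOGLE_TOKEN_ENDPOINT}
REDIRECT_URI = "http://localhost:8080/"  # matches the skill's loopback listener


def check_endpoint(url):
    """True only for an exact, HTTPS Google endpoint (no lookalike hosts, no http)."""
    return urllib.parse.urlsplit(url).scheme == "https" and url in ALLOWED_ENDPOINTS


def build_auth_url(client_id, scopes, state, endpoint=GOOGLE_AUTH_ENDPOINT):
    if not check_endpoint(endpoint):
        raise ValueError(f"refusing non-Google authorization endpoint: {endpoint}")
    params = {
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "scope": " ".join(scopes),
        "access_type": "offline",  # required to be issued a refresh token
        "state": state,
    }
    return endpoint + "?" + urllib.parse.urlencode(params)


def parse_callback(path, expected_state):
    """Extract the authorization code from the loopback request, rejecting a bad state."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(path).query)
    if "error" in query:
        raise RuntimeError(f"authorization failed: {query['error'][0]}")
    if query.get("state", [None])[0] != expected_state:
        raise RuntimeError("state mismatch: callback was not produced by this login attempt")
    code = query.get("code", [None])[0]
    if not code:
        raise RuntimeError("callback carried no authorization code")
    return code


class OAuthHandler(BaseHTTPRequestHandler):
    """Loopback receiver: accepts exactly one valid callback and stores the code."""
    expected_state = None
    code = None

    def do_GET(self):
        try:
            type(self).code = parse_callback(self.path, self.expected_state)
            self.send_response(200)
            body = b"Authorization received; you can close this tab."
        except RuntimeError as exc:
            self.send_response(400)
            body = str(exc).encode()
        self.send_header("Content-Type", "text/plain")
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the code and state out of the terminal and any captured logs


def run_loopback_login(client_id, scopes):
    """Interactive one-time setup: open the browser, serve until one valid callback."""
    state = secrets.token_urlsafe(32)
    OAuthHandler.expected_state = state
    OAuthHandler.code = None
    webbrowser.open(build_auth_url(client_id, scopes, state))
    server = HTTPServer(("localhost", 8080), OAuthHandler)
    while OAuthHandler.code is None:
        server.handle_request()  # one request at a time; bad ones get a 400 and we keep waiting
    server.server_close()
    return OAuthHandler.code


if __name__ == "__main__":
    # Assumed client ID and scope; exchanging the code at GOOGLE_TOKEN_ENDPOINT is the next step.
    print(run_loopback_login("CLIENT_ID.apps.googleusercontent.com",
                             ["https://www.googleapis.com/auth/documents"]))
```

The code returned here is exchanged at `GOOGLE_TOKEN_ENDPOINT` together with the client secret; passing that URL through `check_endpoint` first is the cheap way to catch a modified snippet before any secret leaves the machine.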

Findings (1)

critical

suspicious.exposed_secret_literal

Location
SKILL.md:116
Finding
File appears to expose a hardcoded API secret or token. The lines quoted above from SKILL.md carry placeholder values ("your-client-secret", "your-refresh-token"); confirm that no working values have been substituted before the file is published, and rotate them if they have.