Security Audit
gcloud
github.com/Mrc220/agent_flywheel_clawdbot_skills_and_integrationsTrust Assessment
gcloud received a trust score of 72/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 1 finding: 1 critical, 0 high, 0 medium, and 0 low severity. Key findings include Skill grants broad, unconstrained access to Google Cloud Platform.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on June 1, 2026 (commit 6a655802). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Skill grants broad, unconstrained access to Google Cloud Platform The 'gcloud' skill provides direct access to the Google Cloud CLI, enabling management of virtually all GCP resources. This includes highly sensitive operations such as modifying IAM policies, creating service account keys, accessing secrets, and performing arbitrary data transfers. If the underlying execution environment (e.g., the service account used by the agent) has broad GCP permissions, this skill can be leveraged by a malicious prompt to perform privilege escalation (e.g., via `gcloud projects add-iam-policy-binding` or `gcloud iam service-accounts keys create`), data exfiltration (e.g., via `gcloud storage cp` or `gcloud secrets versions access`), resource destruction, or to create backdoors. The documentation explicitly showcases commands for these high-risk operations, demonstrating the extensive capabilities exposed. 1. **Principle of Least Privilege**: Ensure the underlying GCP service account or user executing 'gcloud' commands has the absolute minimum necessary permissions. Avoid granting 'Owner', 'Editor', or broad administrative roles. 2. **Fine-grained Access Control**: Implement granular IAM policies that restrict the agent's ability to create/delete critical resources, modify IAM policies, or access sensitive data/secrets. 3. **Input Validation/Sanitization**: If the agent constructs 'gcloud' commands from user input, rigorously validate and sanitize all inputs to prevent command injection. 4. **Auditing and Monitoring**: Log all 'gcloud' command executions and monitor for suspicious activity. 5. **Restrict Sensitive Commands**: Consider if the agent truly needs access to commands like 'gcloud iam', 'gcloud secrets', or 'gcloud storage cp/rsync' to fulfill its intended purpose. If not, these capabilities should be explicitly blocked or removed from the skill's allowed operations. | LLM | SKILL.md:235 |
Scan History
Embed Code
[](https://skillshield.io/report/4ecdf9a021e78226)
Powered by SkillShield