google-docs-skill

clawhub:google-docs-skill

View source

55/100

First Seen

Feb 18, 2026

Last Scanned

Feb 22, 2026

Findings

Score

55/100

HIGH 3

Findings (3)

HIGH

Cloud credential endpoint SSRF_007

ssrf-cloud L83

Detects cloud provider token and credential endpoints

oauth2.googleapis.com/token

FIX

Block access to cloud instance metadata services using IMDSv2 token requirements, network rules, or iptables. This is a critical vector for credential theft in cloud environments.

FP?

Likely FP if the match is in security documentation explaining how to protect against SSRF/IMDS attacks rather than code that accesses the metadata service.

HIGH

Cloud credential endpoint SSRF_007

ssrf-cloud L111

Detects cloud provider token and credential endpoints

oauth2.googleapis.com/token

FIX

Block access to cloud instance metadata services using IMDSv2 token requirements, network rules, or iptables. This is a critical vector for credential theft in cloud environments.

FP?

Likely FP if the match is in security documentation explaining how to protect against SSRF/IMDS attacks rather than code that accesses the metadata service.

HIGH

Cloud credential endpoint SSRF_007

ssrf-cloud L358

Detects cloud provider token and credential endpoints

oauth2.googleapis.com/token

FIX

Block access to cloud instance metadata services using IMDSv2 token requirements, network rules, or iptables. This is a critical vector for credential theft in cloud environments.

FP?

Likely FP if the match is in security documentation explaining how to protect against SSRF/IMDS attacks rather than code that accesses the metadata service.