AI Safety Guard
ReviewAudited by ClawScan on May 9, 2026.
Overview
This is an instruction-only privacy guard with no code or credential requirements, but it gives the agent broad discretion to allow, anonymize, or block outgoing data.
This skill appears coherent and instruction-only, with no code or installation risk shown. Install it if you want the agent to apply a broad privacy policy to outbound data, but remember that it may silently anonymize, cancel, or allow sensitive transmissions based on its rules rather than asking every time.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may apply this policy whenever it is about to send data outside the conversation, potentially changing how external actions are performed.
The skill intentionally governs many types of outbound actions. This is aligned with a privacy guard, but it is broad enough that users should know it can affect external sends across multiple channels.
TRIGGER: before the AI sends or outputs any data to an external destination (API call, email, MCP, upload, post, share, webhook, clipboard copy that goes external etc.).
Use this skill only if you want a broad outbound-data guard, and verify important external sends when the content or destination is sensitive.
Some outgoing data may be masked or blocked automatically, which could affect messages, uploads, API calls, or other external actions.
The skill gives the agent discretion to alter or block outgoing data without first asking the user. This matches the privacy purpose, but it changes normal task execution behavior.
The AI decides: ... Anonymize the data if a useful partial form exists ... Proceed silently ... Silently cancel
Review the policy before relying on it for sensitive workflows, and check final external communications when exact content matters.
If a workflow involves passwords, tokens, cookies, or keys, the agent may decide whether to block, mask, or allow transmission based on these rules.
The skill explicitly reasons about high-sensitivity secrets. It does not request or store them, and the instruction is mostly protective, but users should understand that secret-handling decisions are part of the policy.
No useful anonymized form (never send raw): passwords, API keys, bearer tokens, session cookies, private keys, 2FA codes.
Avoid sending secrets through general-purpose agent workflows unless absolutely necessary, and confirm destinations carefully before asking the agent to transmit them.