MessageGuard
Analysis
MessageGuard appears to be a coherent protective outgoing-message filter, with disclosed caveats around message interception, optional local logging, and verifying the external clone source.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.
The filter is a standalone Python script that acts as a **gate** between the agent's intent to send a message and the actual `message` tool call.
The skill is designed to control the outbound message path and may mask, warn, or block messages before sending. This is the stated protective purpose, but it affects user-visible communication.
Clone the repository: `git clone git@github.com:AndrewAndrewsen/MessageGuard.git`.
The installation guidance points users to an external GitHub repository rather than a declared install spec. The clone is user-directed, but users should verify the repository provenance before running the script.
Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.
Detection log format (`log_path`, JSONL): `{"ts": "2026-02-24T13:00:00Z", "channel": "discord_general", "blocked": true, "detections": [{"name": "jwt_token", "action": "block", "snippet": "eyJhbGc…"If logging is enabled, the skill persists channel information and snippets of detected sensitive values. This is disclosed and optional, but the log can still contain sensitive context.