MayGuard
PassAudited by ClawScan on May 10, 2026.
Overview
MayGuard is a local, user-run static scanner with no hidden network, credential, or persistence behavior, but its safety ratings are only heuristic.
This skill appears safe to install as a local helper, but use it only on selected skill folders and treat its report as a basic heuristic. A SAFE result does not guarantee that another skill is trustworthy.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user points the scanner at a broad or private directory, it may read many local files and report matched filenames/patterns.
The tool recursively reads files from a user-supplied local path. This is expected for a static scanner, but the path is not otherwise constrained to skill directories.
parser.add_argument("path", help="The path to the skill directory to audit.") ... for root, dirs, files in os.walk(target_path): ... content = f.read()Run it only on the specific downloaded skill directory you intend to audit.
Users could over-trust a SAFE result and install a risky skill that does not match the scanner's limited patterns.
The documentation uses strong assurance language and safety labels for a heuristic scanner. A clean result should not be interpreted as proof that another skill is safe.
performs deep static analysis ... Allows users to verify a skill's integrity ... Status: SAFE, CAUTION, SUSPICIOUS, DANGEROUS
Treat MayGuard as one quick check, not a substitute for manual review or a stronger security scanner.