Skill Guard Pro
Verdict: Pass
Audited by ClawScan on May 10, 2026.
Overview
Skill Guard Pro is a coherent, user-invoked static scanner, with expected local file scanning and optional ClawHub downloading but no artifact-backed malicious behavior.
This appears reasonable to install if you want a static scanner for ClawHub skills. Run it only on skill directories you mean to inspect, remember that static scanning can miss issues, and manually verify any network endpoints or high-impact findings before trusting its install recommendation.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using --skill may contact ClawHub through the local CLI and place downloaded content in a temporary directory for scanning.
The scanner can invoke the local ClawHub CLI to download a user-named skill before scanning it. This is disclosed and purpose-aligned, and it avoids shell=True, but it is still an external command users should recognize.
subprocess.run(["clawhub", "download", skill_name, "--no-install"], cwd=temp_dir, capture_output=True, text=True, timeout=30)
Use this mode only for skills you intend to inspect, and keep the clawhub CLI installed from a trusted source.
A scan report could overstate the safety of some URLs, so users should not rely on the 'known safe' label alone.
The URL safety check uses substring matching, so a domain containing a whitelisted name as a substring could be labeled 'known safe' even if it is not actually that domain.
return any(safe in domain for safe in SAFE_DOMAINS)
Manually verify flagged and unflagged network endpoints; the maintainer should use exact host or subdomain matching instead of substring matching.
