DriftGuard Security Scanner+
Pass
Audited by ClawScan on May 5, 2026.
Overview
DriftGuard appears to be a purpose-aligned local scanner, but it can read user-selected folders and write local reports or baselines that may contain project details.
This skill is reasonable to install if you want a local drift scanner. Use it on specific repos or skill folders, keep generated reports/baselines private, and treat its findings as review aids rather than a guarantee of safety.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a large or sensitive folder, the scanner may read and summarize local files that were not intended for review.
The skill exposes a local Node CLI that scans a user-supplied filesystem path. This is central to the scanner's purpose, but the user controls the scope and should avoid unintentionally scanning broad private directories.
node {baseDir}/scripts/cli.js scan <path>

Run it only against the repo, skill, or tool folder you intend to review, and inspect the output before using it for CI or trust decisions.
Generated reports may contain file paths, findings, hashes, metadata, or snippets from local project files.
Reports or review tickets can include quoted lines from scanned files. The skill explicitly treats these lines as untrusted evidence, which is the right stance, but quoting still copies private project details into the report, and those details persist wherever the report is shared or committed.
Evidence line (quoted, untrusted data): ${quoteUntrustedEvidence(finding.line)}

Store reports and baselines in a private location, do not publish them without review, and continue treating quoted target content as untrusted.
