DriftGuard Security Scanner+
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pointed at a large or sensitive folder, the scanner may read and summarize local files that were not intended for review.
The skill exposes a local Node CLI that scans a user-supplied filesystem path. This is central to the scanner's purpose, but the user controls the scope and should avoid unintentionally scanning broad private directories.
node {baseDir}/scripts/cli.js scan <path>Run it only against the repo, skill, or tool folder you intend to review, and inspect output before using it for CI or trust decisions.
Generated reports may contain file paths, findings, hashes, metadata, or snippets from local project files.
Reports or review tickets can include quoted lines from scanned files. This is useful and explicitly treated as untrusted evidence, but it may persist private project details if reports are shared or committed.
Evidence line (quoted, untrusted data): ${quoteUntrustedEvidence(finding.line)}Store reports and baselines in a private location, do not publish them without review, and continue treating quoted target content as untrusted.