DriftGuard Security Scanner+

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: driftguard
Version: 0.3.1

DriftGuard is a security utility designed to detect risky code patterns and track integrity drift in local directories or OpenClaw skill bundles. It performs file system traversal, SHA-256 hashing, and regex-based pattern matching (defined in scripts/rules.js) to identify potential vulnerabilities such as shell execution, network access, and sensitive file exposure (e.g., .env, SSH keys). The tool operates entirely locally, producing human-readable reports and review tickets (scripts/reporters.js) to support manual security audits. No evidence of data exfiltration, obfuscation, or malicious intent was found.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If pointed at a large or sensitive folder, the scanner may read and summarize local files that were not intended for review.

Why it was flagged

The skill exposes a local Node CLI that scans a user-supplied filesystem path. This is central to the scanner's purpose, but the user controls the scope and should avoid unintentionally scanning broad private directories.

Skill content
node {baseDir}/scripts/cli.js scan <path>
Recommendation

Run it only against the repo, skill, or tool folder you intend to review, and inspect output before using it for CI or trust decisions.

What this means

Generated reports may contain file paths, findings, hashes, metadata, or snippets from local project files.

Why it was flagged

Reports or review tickets can include quoted lines from scanned files. This is useful and is explicitly treated as untrusted evidence, but it may retain private project details if reports are shared or committed.

Skill content
Evidence line (quoted, untrusted data): ${quoteUntrustedEvidence(finding.line)}
Recommendation

Store reports and baselines in a private location, do not publish them without review, and continue treating quoted target content as untrusted.