Auth Guard
Advisory
Audited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe all external API actions are automatically protected when only integrated code paths are actually guarded.
This promises global, highest-priority, non-bypassable enforcement, but the artifacts show a library/CLI that other skills must voluntarily integrate and the registry has no automatic install/enforcement hook.
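All external API operations must be explicitly authorized by the user. This is the highest-priority security layer, ensuring that no automation can use your authorization without permission.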
Reword the skill to clearly state its limits, list exactly which integrations are protected, and avoid claiming universal protection unless enforcement is technically implemented.
Any local automation or agent able to run this CLI or write the decision file could approve requests, undermining the intended explicit-user-authorization barrier.
The approve command creates an authorization decision file based only on a request_id, with no visible authentication, human-presence check, or request_id path validation.
decision_path = os.path.expanduser(f"~/.auth_guard/decisions/{args.request_id}.json") ... "approved": True ... json.dump(decision, f, indent=2)
Do not expose approval commands to autonomous agents; validate request IDs, restrict directory permissions, and require an out-of-band user-authenticated approval channel.
A documented protection mode may fail or be unavailable, causing users to rely on a guard that is not actually enforcing checks in that path.
The documentation advertises an HTTP server module, but the supplied manifest contains no auth_guard/server.py or package directory, so this central integration path is not supported by the reviewed artifacts.
python -m auth_guard.server --port 8765
Include the server implementation and tests, or remove the HTTP API instructions until they are accurate and reviewable.
Request parameters may include private email, calendar, or business data and could be shared with the webhook provider.
Authorization details, including params, are sent to a configured webhook for notification.
message = self._build_notification_message(request_id, service, action, params, reason, requester, priority) ... requests.post(webhook_url, json=message, timeout=10)
Use only trusted webhook endpoints and redact secrets or sensitive payload fields before sending notifications.
Local audit logs can reveal which services and actions were requested, and may expose sensitive operational history if the account or filesystem is shared.
The skill intentionally persists an audit trail of authorization activity in the user's home directory.
All authorization requests are logged to `~/.auth_guard/audit_log.jsonl`
Review retention settings, lock down file permissions on ~/.auth_guard, and avoid logging sensitive parameters or tokens.
