Guardrails
Review
Audited by ClawScan on May 10, 2026.
Overview
Guardrails is a coherent security-helper skill, but it scans workspace context and may send that context plus your answers to OpenAI or Anthropic to generate policies.
This skill appears purpose-aligned and not malicious. Before installing, be comfortable with local workspace scanning and with sending discovery data/interview answers to your chosen LLM provider; review the generated GUARDRAILS.md before allowing it to be written.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Workspace details and your interview answers may leave your machine and be processed by OpenAI or Anthropic.
The guardrails generator sends workspace discovery data, risk classification, and interview answers to an external LLM provider when configured. This is disclosed and purpose-aligned, but it is still a sensitive data flow.
Reads {discovery, classification, answers} JSON from stdin, uses an LLM to generate a full GUARDRAILS.md document... OPENAI_API_KEY -> OpenAI API... ANTHROPIC_API_KEY -> Anthropic API
Use this only with a provider and API key you trust, and avoid putting secrets in interview answers or workspace files that will be scanned.
Private workspace notes or prior agent context could be summarized into discovery output and used when generating guardrails.
Discovery reads previews from persistent workspace context files. This supports guardrail generation, but those files may contain private notes or instructions that influence generated policy.
important_files=("USER.md" "MEMORY.md" "AGENTS.md" "GUARDRAILS.md" "TOOLS.md" "SOUL.md" "BOOTSTRAP.md" "HEARTBEAT.md") ... preview=$(read_first_lines "$filepath" 20)
Review sensitive workspace files before setup, and keep secrets out of USER.md, MEMORY.md, and similar agent context files.
Your OpenAI or Anthropic account may be used and billed for question or policy generation.
The skill uses provider API keys from the environment for LLM generation. There is no evidence of hardcoded keys or unrelated credential use.
openai_key = os.environ.get("OPENAI_API_KEY") ... anthropic_key = os.environ.get("ANTHROPIC_API_KEY")
Set only the provider key you intend to use, monitor provider usage, and remove the key from the environment when no longer needed.
Installing and running setup/review can change the policy files that guide future agent behavior.
The skill mutates persistent workspace files, but the instructions require user review and confirmation before writing.
Present the generated GUARDRAILS.md for review ... Ask for confirmation before writing to workspace ... Write GUARDRAILS.md to workspace root ... Save guardrails-config.json to workspace root
Read the generated GUARDRAILS.md carefully before approving the write.
Setup may fail if dependencies are missing, and package installation depends on the user's Python package source.
The skill has manual runtime prerequisites and an unpinned pip install recommendation, and there is no install spec to enforce or pin them.
Prerequisites... Python 3... Bash... jq... Python scripts that call LLM providers require `requests`: `python3 -m pip install requests`
Install dependencies from trusted package repositories and consider pinning versions in your own environment.
