Clawscan V2

Security checks across malware telemetry and agentic risk

Overview

The skill's purpose and most of its contents align with a security scanner, but several inconsistencies and a prompt-injection signal in SKILL.md plus persistent local config make it worth manual review before installing.

This skill appears to be a genuine security scanner (pattern DB, CLI usage, and a bundled Python script). However:

1) Do NOT run the script as root.
2) Inspect the full scripts/skillguard.py source yourself (particularly for subprocess calls, network code, or any code that reads other users' home files). The package bundle you were shown was truncated; obtain and review the full file from the claimed repository.
3) The SKILL.md contains Unicode control characters; open the file in a hex-capable editor and confirm there's nothing hidden.
4) Verify provenance: prefer a well-known maintainer or a verified repo; the repo/user referenced looks like a personal account.
5) If you want to try it, run it in an isolated sandbox/container and monitor network calls (e.g., with a firewall) before granting access to real skill directories or secrets.

If you are unsure, ask the publisher for a cryptographic signature or more provenance information and wait for an authoritative release.

SkillSpector

By NVIDIA

SkillSpector findings are pending for this release.

VirusTotal

64/64 vendors flagged this skill as clean.
