Senseguard

SenseGuard appears to implement the scanner it claims to be, but there are privacy and persistence trade-offs you should consider before installing: - It reads many text files (including .env and other config-like files) when scanning to detect exfiltration and credential access — expect sensitive values to be read during scans. - The tool caches scan results to ~/.openclaw/senseguard/cache.json. That cache can contain evidence snippets and generated prompts; inspect or encrypt/relocate the cache if you don't want scan artifacts stored in your home directory, or run with --no-cache. - Semantic (Layer 2) analysis is performed by sending a constructed prompt to an LLM (the agent). If you enable deep/Layer 2 scanning or allow autonomous model invocation, the full skill content can be transmitted to the LLM provider. If that is unacceptable, avoid deep scans or run the tool in an isolated environment and/or ensure the LLM endpoint is trusted. - The SKILL.md contains example malicious phrases (prompt-injection test cases) which triggered the pre-scan detector — this is expected for a scanner, not proof of malicious intent. Recommendations before installing or running: - Review the source files yourself (they are bundled) and verify the cache path and contents. - Run initial scans in a controlled environment (sandbox or VM) and use --no-cache when scanning sensitive skills. - If you need semantic Layer 2 analysis, decide whether your LLM provider and data-handling policies are acceptable for sending full skill content. - If you have low tolerance for persistent artifacts, consider editing CacheManager to encrypt the cache or change the cache file location before use. If you want, I can (a) point out exact lines that write/store layer2_prompt or evidence to the cache/report, (b) show how to run the scanner without Layer 2 or without caching, or (c suggest a minimal patch to avoid persisting evidence text in the cache.