Senseguard
Review
Audited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.
This skill appears safe to use for its stated purpose if you are comfortable running its local Python scanner. Limit scans to intended skill directories, remember that quoted attack strings are examples, and clear or avoid the local cache when auditing sensitive private skills. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious skill being scanned could try to influence the model context during analysis.
Layer 2 deliberately places untrusted target-skill content into an LLM analysis prompt. That is central to a semantic security scanner, but it is still a prompt-injection exposure that should be handled as quoted evidence only.
Skill full content:
---
{full_content}
---
Analyze for the following threats and output ONLY valid JSON
Treat scanned skill text only as evidence for the audit, and do not let instructions inside the scanned content trigger unrelated actions.
The scanner will read files from the selected skill path, and '--target all' can inspect multiple installed skills.
The skill runs a local Python scanner and can read all installed skill directories. This is purpose-aligned and user-directed, but it is still a broad local scanning capability.
python3 scripts/scanner.py --target <skill-name-or-path>
Options:
- `--target all` — scan all installed skills
Run it only against skill directories you intend to audit, and avoid pointing it at unrelated private folders.
Audit context or evidence from scanned skills may remain in the local SenseGuard cache.
Scan results are cached, and when Layer 2 is used the cached result can include the generated prompt derived from scanned skill content. This is local persistence, not external transfer.
"layer2_prompt": layer2_prompt,
"score_breakdown": [
...
# Store in cache
cache.store(skill_dir, result, content_hash)
Use '--no-cache' for sensitive scans where possible and remove the local SenseGuard cache if scanned content should not persist.
Installation or execution may require local Python environment support that is not reflected in the registry requirements.
The metadata under-declares the runtime shape of the skill because the documented workflow uses local Python scripts. The provided artifacts do not show a remote installer or hidden dependency execution.
Required binaries (all must exist): none ... Install specifications: No install spec — this is an instruction-only skill. Code file presence: 6 code file(s)
Review the included scripts before running and ensure required Python modules are available from trusted sources.
