Crypto mining
- Finding
- Possible crypto mining behavior detected.
Security checks across static analysis, malware telemetry, and agentic risk
The skill's files and instructions match a legitimate security scanner, but there are several red flags (prompt‑injection content in SKILL.md, third‑party repository/author not clearly verified, and the tool persists data under ~/.skillguard and may fetch/update vulnerability data) that warrant manual review before running.
What to check before running/installing:
- Review the code yourself (open scripts/skillguard.py). Search for any network calls, subprocess.run/os.system usage, code that writes or executes downloaded content, or auto-update routines. Pay special attention to any code that runs shell commands or executes dynamically constructed code (eval/exec/compile).
- Investigate the GitHub repository and author: confirm the repo exists, check commit history, issues, stars, and whether the author/organization is trustworthy. If the package points to a repo but the package already contains the script, prefer using the included files rather than re-cloning automatically.
- Because SKILL.md contains Unicode control characters (prompt-injection markers), view the raw SKILL.md in a safe viewer (or cat -v) and remove/clean those characters before feeding the file to any automated LLM-based evaluator.
- Run the scanner in a sandboxed environment or non-privileged user account first (container/VM) to observe network activity and file writes. Monitor outbound network connections to ensure the tool only contacts expected servers.
- Inspect what ~/.skillguard will contain (trusted.json, vulns.json, cache). Decide whether you are comfortable with the tool persisting a vulnerability DB and a trust list on disk and whether it will auto-update that DB from network sources.
- Do not run it as root. If you want higher assurance, ask the author for a signed release or a reproducible build, and consider static code analysis or running the script through a vetted linter/security tool.

If you are not comfortable performing these checks, treat the package as untrusted and avoid executing its scripts on your machine.
64/64 vendors flagged this skill as clean.
No visible risk-analysis findings were reported for this release.