Skill Guard

Review

Audited by ClawScan on May 10, 2026.

Overview

Skill Guard appears to be a simple local keyword-based security scanner; it reads user-selected files and may show matching snippets, so treat its results as advisory.

This skill is reasonable to install as a lightweight local scanner, but only run it on directories you intend to audit. Do not rely on its SAFE result as a complete security verdict, and be careful because its output can include snippets from scanned files, including possible secrets.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If pointed at a broad location such as a home directory or private repository, the agent may read many local source/config files and include matching snippets in the result.

Why it was flagged

The scanner accepts a caller-provided path and recursively walks it. This is central to a local security scanner, but there is no built-in path allowlist, so scope depends on the caller.

Skill content

def scan(path: str) -> Dict: return SkillGuard(path).scan() ... for root, _, files in os.walk(self.path):

Recommendation

Use it only on the specific skill or code directory you intend to audit, not on broad private directories unless that is deliberate.

What this means

A scan of files containing real secrets or prompt-like malicious text could reveal those snippets to the agent/model output.

Why it was flagged

The scanner looks for credential-like keywords and copies up to 60 characters of matched lines into its report. That is useful for auditing, but may place sensitive fragments or untrusted text from scanned files into the agent context.

Skill content

(["password", "api_key", "api-key", "token", "secret", "credential", "apikey", "private_key", "access_key", "client_secret"], "凭证泄露", "🔴 严重") ... code=line.strip()[:60]

Recommendation

Avoid scanning files with live secrets when possible, review outputs before sharing them, and treat returned code snippets as quoted evidence rather than instructions.

What this means

Users might over-trust a SAFE result and install code that uses risk patterns not covered by this simple scanner.

Why it was flagged

The SAFE result is derived from simple substring matching against configured patterns. A green result means no listed pattern was found, not that the skill is fully proven safe.

Skill content

if p.lower() in line.lower(): ... else: status, level = "✅ 安全", "SAFE"

Recommendation

Use this as a preliminary screen only; combine it with manual review and more complete static/security tooling for unknown or high-impact skills.