Lieutenant - AI Agent Security

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.

This skill looks coherent for AI-agent security scanning. Before installing or using it, decide whether to keep scans local or use the remote API, avoid sending secrets to external services unless approved, and verify the external SDK/repository that provides the missing scanner module. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Text scanned in API mode leaves the local machine and is sent to an external service.

Why it was flagged

When the user selects `--api`, the text being scanned is posted to the configured TrustAgents API. This is disclosed and purpose-aligned, but scanned content may contain sensitive data.

Skill content

payload = {"text": text}
...
requests.post(f"{api_url}/verify/text", json=payload, headers=headers, timeout=30)

Recommendation

Use local scanning for secrets or private content unless you trust the provider and have reviewed its data handling terms.

What this means

The skill can use your TrustAgents API key for remote scanning requests if you provide one.

Why it was flagged

The script reads an optional provider API key and sends it as an authentication header when API mode is used. This is expected for the integration and no credential leakage beyond the provider call is shown.

Skill content

api_key = os.environ.get("TRUSTAGENTS_API_KEY")
...
headers["X-API-Key"] = api_key

Recommendation

Provide only the intended API key, keep it scoped where possible, and avoid exposing it in logs or shared shell history.

What this means

Running the CLI may execute dependency code that is not included in the reviewed skill files.

Why it was flagged

The included CLI depends on a `lieutenant` Python module that is not present in the provided manifest, so the core scanner implementation comes from external or local code outside this review.

Skill content

sys.path.insert(0, str(PROJECT_ROOT / "src"))
from lieutenant.scanner import ThreatScanner

Recommendation

Install only from trusted sources, review or pin the `lieutenant`/SDK dependency, and verify the expected repository or package before running the scripts.

What this means

If enabled, interaction logs may retain user or agent messages, including untrusted or sensitive content.

Why it was flagged

The documented A2A middleware example keeps an audit log of interactions. This can be useful for security review, but retention and storage details are not described in the artifact.

Skill content

log_interactions=True,  # Keep audit log
...
print(lieutenant.get_interaction_log())

Recommendation

Enable audit logging only when needed, understand where logs are stored, and avoid retaining sensitive conversations longer than necessary.