OpenClaw Safety Guard
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill’s documented CLI use is mostly purpose-aligned, but its packaged metadata does not match the registry listing and it relies on an external CLI that may use API keys and local files.
Review the publisher/package mismatch before installing. If you proceed, verify the Homebrew formula, use dedicated API keys, and only scan files or URLs you are comfortable sharing with the configured providers.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may not be able to confirm that the installed skill package corresponds to the registry entry and publisher you intended to trust.
This included package metadata conflicts with the supplied registry metadata, which lists a different owner ID and the slug "claw-guard-skill". That mismatch makes the package identity/provenance unclear.
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "summarize"
Resolve the metadata mismatch before installation, and verify the Homebrew formula/source for safety-guard from a trusted publisher.
The CLI may consume API quota, incur costs, or access provider features using keys you place in the environment.
The skill documents use of third-party provider credentials. This is expected for a model-backed CLI, but it gives the CLI access to use those accounts.
Set the API key for your chosen provider: - OpenAI: `OPENAI_API_KEY` - Anthropic: `ANTHROPIC_API_KEY` - xAI: `XAI_API_KEY` - Google: `GEMINI_API_KEY`
Use only the provider key you intend, prefer least-privilege or dedicated keys, and monitor usage/billing.
Private files, URLs, or YouTube-derived content you ask the skill to check may leave your machine for provider processing.
The examples combine local file processing with model/provider use and optional external extraction services. This appears purpose-aligned, but selected content may be processed by external services.
safety-guard "/path/to/file.pdf" --model google/gemini-3-flash-preview ... `--firecrawl auto|off|always` ... `--youtube auto` (Apify fallback if `APIFY_API_TOKEN` set)
Only run it on files and links you are comfortable sending to the configured provider or optional extraction service.