OpenClaw Safety Guard
Review
Audited by ClawScan on May 10, 2026.
Overview
This skill claims to be a safety guard, but its package metadata and runnable implementation do not line up, so it should be reviewed before trusting it or giving it API keys.
Review this skill before installing or relying on it. Verify the publisher, fix the metadata mismatch, and inspect the actual safety-guard executable/source before running commands or setting real API keys. If testing, use nonsensitive inputs and limited provider credentials.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
You may not be reviewing or installing the skill you think you are, or the package may have been assembled from unrelated artifacts.
The bundled metadata does not match the evaluated skill identity, which is safety-guard-skill version 1.0.1 in the registry/SKILL.md. This creates provenance and package-integrity ambiguity.
"ownerId": "kn70pywhg0fyz996kpa8xj89s57yhv26", "slug": "summarize", "version": "1.0.0"
Do not rely on the skill until the publisher fixes the metadata to match the registry and release artifacts.
A user or agent could run a command whose actual implementation is not part of the reviewed package.
The skill instructs use of a safety-guard executable, but the supplied artifacts include no code files and no install spec for that executable. Running it would depend on an unreviewed local or external command.
safety-guard "https://example.com" --model google/gemini-3-flash-preview
Require the package to include or clearly pin the executable source and install path before running the documented commands.
Users may develop a false sense of security and rely on a guardrail that is not verifiably present in the package.
The skill's description makes a strong safety assurance, but the reviewed artifacts do not contain the implementation needed to verify that blocking behavior.
Analyzes user input and blocks harmful content, dangerous commands, and prompt injection attacks.
Treat the safety claims as unverified until the implementation, tests, and install mechanism are available for review.
The provider API keys the skill asks for can authorize provider usage and potential costs if used by the CLI.
The skill asks users to configure provider API keys. This is expected for model-backed analysis, and the artifacts do not show hardcoded secrets, logging, or unrelated credential use.
Set the API key for your chosen provider: OpenAI: `OPENAI_API_KEY` ... Anthropic: `ANTHROPIC_API_KEY` ... Google: `GEMINI_API_KEY`
Use limited-scope or test keys where possible and monitor provider usage, especially until the executable is reviewed.
Sensitive files or URLs could be sent to external services if the user chooses those inputs.
The documented workflow may process user-selected files, URLs, or YouTube content through model and extraction providers. The providers are disclosed, but retention and data-handling boundaries are not described.
safety-guard "/path/to/file.pdf" --model google/gemini-3-flash-preview ... `--firecrawl auto|off|always` ... `--youtube auto` (Apify fallback if `APIFY_API_TOKEN` set)
Avoid testing with private documents or sensitive URLs until the data flow and provider handling are documented.
