Guardian Angel
ReviewAudited by ClawScan on May 10, 2026.
Overview
Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions, you-are-now); human review is required before treating this skill as clean.
Before installing, decide whether you want an ethics plugin that can block or escalate tool use, review its logging retention and approval settings, and verify the plugin source because the registry metadata provides limited provenance. ClawScan detected prompt-injection indicators (ignore-previous-instructions, you-are-now), so this skill requires review even though the model response was benign.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If examples are not clearly treated as inert text, an agent could misread them, but the available context frames them as prompt-injection defenses.
Prompt-injection style phrases are present, but the surrounding artifacts describe them as defensive detection examples rather than instructions to follow.
- "Ignore previous instructions" / "forget your instructions"
Keep prompt-injection examples clearly labeled as examples and do not treat quoted attack strings as authoritative instructions.
The skill may pause, block, or require approval for actions the user asks the agent to take.
The skill can gate and block tool calls, which is high-impact control over the agent, but it is explicitly disclosed as the core safety function.
`before_tool_call` hook — Evaluates actions immediately before execution ... Blocking capability — Can prevent tool execution entirely
Review the escalation thresholds and exempt/always-block tool lists before enabling the plugin.
Users may have less ability to verify the publisher, source repository, or update history of the plugin code.
The package has limited provenance information while also containing plugin code, so users have less external context for trust and maintenance.
Source: unknown; Homepage: none
Install only if you trust the publisher/package source, and inspect the plugin files in your environment before enabling enforcement.
Local logs could contain private context about decisions, requests, or blocked actions.
The skill is configured to retain local evaluation logs and reasoning, which may include sensitive details about user actions or intentions.
"logging": { "enabled": true, "log_disposition_state": true, "log_triggered_evaluation": true, "include_virtue_reasoning": true, "retain_days": 30 }Check where logs are stored, who can read them, and whether the 30-day retention period is acceptable for your use case.
Once enabled, the skill may continue gating actions across sessions until disabled.
The plugin is intended to activate on gateway startup and continue enforcing tool-call checks after installation; this is persistence, but it is disclosed and purpose-aligned.
api.on("gateway_start", () => runStartupDiagnostics(api), { priority: 0 });Confirm there is a clear disable/uninstall path and keep the plugin’s enabled setting under user control.