🦒 Giraffe Guard — 长颈鹿卫士

Result: Pass. Audited by ClawScan on May 10, 2026.

Overview

Giraffe Guard appears to be a purpose-aligned local security scanner, but it reads selected directories, may clone user-supplied repositories, and its reports can include sensitive snippets.

This skill looks reasonable for local security auditing. Before installing or running it, verify the package/source, run it only on directories or repositories you intend to scan, and handle verbose/JSON/SARIF outputs as potentially sensitive because they may include credential or private-key findings.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Finding 1 of 4: reads a user-specified local directory

What this means

The script can read and analyze files under whatever target directory the user or agent provides.

Why it was flagged

The skill's main capability is a user-invoked shell script that scans a user-specified local directory. This is expected for the scanner's purpose, but the supplied path controls what local files are inspected.

Skill content
{baseDir}/scripts/audit.sh --verbose --context 3 --whitelist whitelist.txt --skip-dir node_modules /path/to/skills
Recommendation

Run it only against intended skill or repository directories. When an agent supplies the target, resolve the path and check it against the locations you expect to scan before the script is invoked, because whatever the path points to is what gets read.

Finding 2 of 4: pre-install mode clones a user-supplied repository

What this means

If used with a remote URL, the tool will make a network request and download repository contents for scanning.

Why it was flagged

Pre-install mode can fetch a user-supplied git repository into a temporary directory before scanning. The clone sets core.hooksPath=/dev/null so no git hooks run, uses --depth 1, and does not run any installation step, but the content still comes from an external source chosen at runtime and is written to local disk before it is inspected.

Skill content
git clone --depth 1 --config core.hooksPath=/dev/null "$TARGET_DIR" "$PRE_INSTALL_TMPDIR/repo"
Recommendation

Use pre-install mode only with repositories you intentionally select, verify the repository URL/source before scanning, and confirm the temporary clone is removed once the scan finishes.
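Findings 1 and 2 both come down to one thing: the target string an agent or user hands to audit.sh decides what is read or cloned. The following is an added example of a pre-flight wrapper, not code from the Giraffe Guard skill or the ClawScan report. It assumes audit.sh is invoked as shown above (flags first, target as the last positional argument) and that pre-install mode receives the git URL in that same position; `ALLOWED_ROOTS` and `ALLOWED_GIT_HOSTS` are illustrative policy values. It also refuses targets that start with `-`, because both audit.sh and the `git clone` it runs receive the target after their own options without a `--` separator.

```python
"""Pre-flight checks before an agent hands a target to audit.sh.

Added example, not part of the Giraffe Guard skill or the ClawScan report.
Assumptions: audit.sh takes its flags first and the target last (as in the
report's invocation); pre-install mode gets the git URL in that same
position; ALLOWED_ROOTS and ALLOWED_GIT_HOSTS are illustrative policy values;
exit code 2 meaning "block activation" comes from the README excerpt quoted
later in the report.
"""
import os
import subprocess
import sys
from urllib.parse import urlparse

# Illustrative policy (assumption): where local scans may point, and which
# hosts pre-install mode may clone from.
ALLOWED_ROOTS = ("/home/agent/skills", "/home/agent/repos")
ALLOWED_GIT_HOSTS = frozenset({"github.com", "gitlab.com"})


def classify_target(target, allowed_roots=ALLOWED_ROOTS,
                    allowed_hosts=ALLOWED_GIT_HOSTS):
    """Return ("local", resolved_dir) or ("remote", url); raise ValueError otherwise.

    Option-looking targets are rejected up front: audit.sh and the `git clone`
    it runs receive the target after their own flags with no `--` separator,
    so a value beginning with `-` would be parsed as an option, not a target.
    """
    if not target or target.startswith("-"):
        raise ValueError("target must be non-empty and must not start with '-'")

    parsed = urlparse(target)
    if parsed.scheme:
        # Remote target: https only, no embedded credentials, allow-listed
        # host, non-empty repository path. file:, ssh: and git: are refused.
        if parsed.scheme != "https":
            raise ValueError("unsupported URL scheme: %s" % parsed.scheme)
        if parsed.username or parsed.password:
            raise ValueError("credentials embedded in URL")
        if parsed.hostname not in allowed_hosts:
            raise ValueError("git host not allow-listed: %s" % parsed.hostname)
        if not parsed.path.strip("/"):
            raise ValueError("URL has no repository path")
        return ("remote", target)

    # Local target: resolve symlinks and `..` first, then require the result
    # to be an existing directory inside an allowed root, so a target cannot
    # point the scanner at $HOME/.ssh or similar via traversal or a symlink.
    real = os.path.realpath(target)
    if not os.path.isdir(real):
        raise ValueError("not an existing directory: %s" % real)
    for root in allowed_roots:
        root_real = os.path.realpath(root)
        if os.path.commonpath([real, root_real]) == root_real:
            return ("local", real)
    raise ValueError("path outside allowed roots: %s" % real)


def build_audit_argv(base_dir, target, allowed_roots=ALLOWED_ROOTS,
                     allowed_hosts=ALLOWED_GIT_HOSTS):
    """Validate the target and return (kind, argv) for audit.sh.

    argv is a list, never a shell string, so the target stays one argument
    regardless of spaces or shell metacharacters. The flags are the ones shown
    in the report; the verified target goes last.
    """
    kind, verified = classify_target(target, allowed_roots, allowed_hosts)
    argv = [os.path.join(base_dir, "scripts", "audit.sh"),
            "--verbose", "--context", "3",
            "--whitelist", "whitelist.txt",
            "--skip-dir", "node_modules",
            verified]
    return kind, argv


if __name__ == "__main__":
    # Usage: python guard_target.py <baseDir> <path-or-https-url>
    try:
        kind, argv = build_audit_argv(sys.argv[1], sys.argv[2])
    except (IndexError, ValueError) as err:
        sys.exit("refusing to scan: %s" % err)
    print("%s target accepted, running: %s" % (kind, " ".join(argv)))
    rc = subprocess.run(argv).returncode
    # Exit 2 is the README's "block activation, notify user" result; other
    # codes are surfaced to the operator rather than interpreted here.
    print("blocked by scanner" if rc == 2 else "audit.sh exited %d" % rc)
    sys.exit(rc)
```

The containment check compares resolved paths with `os.path.commonpath` rather than a string prefix, so `/home/agent/skills-old` is not accepted as being inside `/home/agent/skills`, and an `https://github.com@evil.example/...` URL is refused by the embedded-credentials check before the host allow-list is consulted.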

Finding 3 of 4: reports may contain sensitive snippets

What this means

Terminal output, JSON, SARIF, or CI logs could expose secret-looking strings found in local files.

Why it was flagged

The scanner can show line context for findings and includes rules for credentials/private keys. Reports or verbose output may therefore contain sensitive snippets from scanned files.

Skill content
`--verbose` mode shows matching line context ... `sensitive-file-leak` | Private keys/credentials
Recommendation

Do not publish verbose reports, JSON/SARIF output, or CI logs that include them. Treat any output containing credential or private-key findings as sensitive, and redact or strip the matched snippets before the report leaves the scan host.
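The following is an added example of that redaction step as a post-processing pass over a SARIF report; it is not part of the Giraffe Guard skill or the ClawScan report. The skill's real JSON/SARIF layout is not shown on this page, so `SAMPLE_REPORT` is a constructed, minimal SARIF 2.1.0 document: only the rule id `sensitive-file-leak` and the fact that findings carry line-context snippets are taken from the report above. `suspicious-env-read` is a hypothetical rule name, the secret-shape patterns are illustrative, and the AWS key is the documented example key AKIAIOSFODNN7EXAMPLE.

```python
"""Redact secret-looking snippets from a scanner report before sharing it.

Added example, not part of the Giraffe Guard skill or the ClawScan report.
SAMPLE_REPORT is a constructed, minimal SARIF 2.1.0 document (the skill's
real output layout is not on the audited page). `sensitive-file-leak` is the
rule id quoted in the report; `suspicious-env-read` is a hypothetical rule
name; SECRET_PATTERNS are illustrative shapes, not the scanner's rule set.
"""
import copy
import json
import re

# Findings from these rules get their snippets dropped entirely: for private
# keys and credentials the line context IS the secret. (Rule id from report.)
SENSITIVE_RULES = frozenset({"sensitive-file-leak"})

# Shapes masked wherever they appear in any other snippet or message text.
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),                    # AWS access key id
    re.compile(r"\b(?:ghp|gho|ghs)_[A-Za-z0-9]{36}\b"),     # GitHub token
    re.compile(r"(?i)\b(?:password|passwd|secret|token)\s*[=:]\s*\S+"),
]

# Constructed sample: two results, one under the sensitive rule, one not.
SAMPLE_REPORT = {
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "giraffe-guard"}},
        "results": [
            {
                "ruleId": "sensitive-file-leak",
                "level": "error",
                "message": {"text": "Private key found in config/deploy.pem"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "config/deploy.pem"},
                    "region": {"startLine": 1, "snippet": {"text":
                        "-----BEGIN RSA PRIVATE KEY-----\nMIIEow...\n-----END RSA PRIVATE KEY-----"}},
                }}],
            },
            {
                "ruleId": "suspicious-env-read",   # hypothetical rule name
                "level": "warning",
                "message": {"text": "Reads AWS_SECRET via os.environ"},
                "locations": [{"physicalLocation": {
                    "artifactLocation": {"uri": "scripts/deploy.py"},
                    "region": {"startLine": 12, "snippet": {"text":
                        "key = 'AKIAIOSFODNN7EXAMPLE'  # fallback"}},
                    # --context style output lands in contextRegion
                    "contextRegion": {"startLine": 11, "endLine": 13, "snippet": {"text":
                        "import os\nkey = 'AKIAIOSFODNN7EXAMPLE'  # fallback\n"
                        "token = os.environ.get('AWS_SECRET')"}},
                }}],
            },
        ],
    }],
}


def mask(value, keep=4):
    """Keep a short prefix so the finding stays triageable; star the rest."""
    return value[:keep] + "*" * max(len(value) - keep, 0)


def scrub_text(text):
    """Mask every SECRET_PATTERNS match inside free text."""
    for pattern in SECRET_PATTERNS:
        text = pattern.sub(lambda m: mask(m.group(0)), text)
    return text


def redact_sarif(report):
    """Return a deep copy of a SARIF report with secrets removed.

    Walks runs -> results -> locations -> physicalLocation and scrubs both the
    `region` and `contextRegion` snippets plus each result's message text.
    Sensitive-rule snippets are replaced outright; everything else is masked
    pattern by pattern. The input report is left untouched.
    """
    out = copy.deepcopy(report)
    for run in out.get("runs", []):
        for result in run.get("results", []):
            sensitive = result.get("ruleId") in SENSITIVE_RULES
            message = result.get("message", {})
            if "text" in message:
                message["text"] = scrub_text(message["text"])
            for loc in result.get("locations", []):
                phys = loc.get("physicalLocation", {})
                for region_key in ("region", "contextRegion"):
                    snippet = phys.get(region_key, {}).get("snippet")
                    if not snippet or "text" not in snippet:
                        continue
                    if sensitive:
                        snippet["text"] = "[redacted: %d chars]" % len(snippet["text"])
                    else:
                        snippet["text"] = scrub_text(snippet["text"])
    return out


if __name__ == "__main__":
    print(json.dumps(redact_sarif(SAMPLE_REPORT), indent=2))
```

Run the redaction on the scan host, before the report is attached to a ticket or uploaded as a CI artifact; the masked prefix (`AKIA****...`) is enough for a reviewer to recognise the finding type without the report itself becoming a credential leak.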

Finding 4 of 4: suggested TOOLS.md policy changes future agent behavior

What this means

If you add the suggested policy, future skill installs may be blocked based on this scanner's results.

Why it was flagged

The README suggests a user-directed persistent workflow policy that can affect future skill activation decisions. This is security-aligned and disclosed, but it changes future agent behavior if adopted.

Skill content
Add to your `TOOLS.md` to enforce scanning on every skill install ... Exit 2  block activation, notify user
Recommendation

Add this TOOLS.md rule only if you want that enforcement behavior, and keep a clear user-review or override process for findings so that an exit 2 on a legitimate skill can be examined and overridden deliberately rather than silently blocking it.