AANA Guardrail Skill
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is meant to be a safety checker, but it asks the agent to run a missing Python helper and write potentially private task details into event files.
Review this skill before installing. It is not clearly malicious, but it is incomplete for its stated purpose: verify the missing AANA CLI, confirm exactly what happens to event files, and avoid including secrets or sensitive account details until the implementation is available and trusted.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may fail, or it may run an unintended local script with access to the event data.
The core workflow depends on a helper script, but the supplied package is instruction-only with no code files or install specification, leaving the executable source and provenance unreviewed.
python scripts/aana_cli.py agent-check --event path/to/agent_event.json
Do not rely on this skill until the CLI implementation is included or installed from a pinned, trusted source and the path being executed is clear.

Private details could remain in local JSON files or be exposed to an unverified checker implementation.
The skill directs the agent to serialize potentially sensitive context into a local event file, but does not specify redaction, storage location, retention, cleanup, or how the data is handled by the missing CLI.
using private account, billing, payment, or personal data ... Create an event JSON file ... "user_request" ... "candidate_action" ... "available_evidence"
Use only minimal necessary context, avoid secrets, store event files in a temporary protected location, and require clear cleanup and data-handling rules.

Users may overtrust the skill as an enforceable safety guardrail when the reviewed artifacts do not demonstrate enforcement.
The description makes strong safety claims, but the provided artifacts contain only instructions and an absent CLI reference, so the claimed protection is not verifiable from the package.
Monitors agent actions for safety and compliance, preventing violations, private data leaks, or irreversible steps
Treat it as a design stub until the actual guardrail implementation, rules, and data-handling behavior are available for review.
