AANA Guardrail Skill
PassAudited by VirusTotal on May 2, 2026.
Overview
Type: OpenClaw Skill Name: aana Version: 1.0.0 The skill bundle defines a safety guardrail system (AANA) designed to validate agent actions before execution, particularly for sensitive tasks like handling private data or processing refunds. It instructs the agent to use a local CLI tool (scripts/aana_cli.py) to evaluate 'agent_event' JSON objects against safety policies. The instructions are focused on risk mitigation and lack any indicators of malicious intent, data exfiltration, or unauthorized system access.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent may fail, or it may run an unintended local script with access to the event data.
The core workflow depends on a helper script, but the supplied package is instruction-only with no code files or install specification, leaving the executable source and provenance unreviewed.
python scripts/aana_cli.py agent-check --event path/to/agent_event.json
Do not rely on this skill until the CLI implementation is included or installed from a pinned, trusted source and the path being executed is clear.
Private details could remain in local JSON files or be exposed to an unverified checker implementation.
The skill directs the agent to serialize potentially sensitive context into a local event file, but does not specify redaction, storage location, retention, cleanup, or how the data is handled by the missing CLI.
using private account, billing, payment, or personal data ... Create an event JSON file ... "user_request" ... "candidate_action" ... "available_evidence"
Use only minimal necessary context, avoid secrets, store event files in a temporary protected location, and require clear cleanup and data-handling rules.
Users may overtrust the skill as an enforceable safety guardrail when the reviewed artifacts do not demonstrate enforcement.
The description makes strong safety claims, but the provided artifacts contain only instructions and an absent CLI reference, so the claimed protection is not verifiable from the package.
Monitors agent actions for safety and compliance, preventing violations, private data leaks, or irreversible steps
Treat it as a design stub until the actual guardrail implementation, rules, and data-handling behavior are available for review.