Argus Lite — Code Scanner (Free)
PassAudited by ClawScan on May 10, 2026.
Overview
This looks like a straightforward local Python-file scanner, but users should be aware it installs an unpinned Python package and may display snippets from scanned code.
This skill appears safe for local use if you trust the pip package installation step. Prefer running it in a Python virtual environment, set SOURCE_PATH to the exact Python file you want scanned, and be careful sharing results because they may include snippets of your code or secrets.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the setup could install or change Python packages on the user's machine, depending on their Python environment.
The skill asks the user to install an unpinned PyPI dependency and bypass system-package protections. This supports the scanner UI, but it changes the local Python environment.
pip3 install rich --break-system-packages --quiet
Install in a virtual environment and consider pinning a known-safe version of 'rich' instead of using '--break-system-packages'.
Scan output may reveal parts of the scanned code, including secrets if the file contains them and the output is shared.
The scanner reads the selected Python file and stores matched line snippets, which may include sensitive source code or hardcoded secrets.
source = target.read_text(encoding="utf-8", errors="replace") ... findings.append({"id":rule_id,"severity":sev,"category":category,
"line":lineno,"code":line.strip()[:80],"message":message,"fix":fix})Use SOURCE_PATH for only the intended file and avoid sharing scan output publicly if it contains code or secret snippets.