Argus — Code Intelligence Scanner

Pass

Audited by ClawScan on May 10, 2026.

Overview

Argus appears to be a coherent local code scanner, but users should run it on an explicit project path and avoid the system-wide pip install command as written.

Before installing, run it only against the project you intend to scan by setting SOURCE_PATH explicitly. Use a Python virtual environment instead of the provided system-wide pip command, and review any optional JSON output because scan findings may reveal locations of sensitive code issues.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run from a broad directory, it may inspect and report on more local code than the user intended.

Why it was flagged

The scanner can recursively inspect local source files from the current directory by default. This is expected for a code scanner, but users should ensure the directory is intentionally scoped.

Skill content

description: "Path to a .py or .js file, or a directory to scan recursively. Defaults to current directory."

Recommendation

Set SOURCE_PATH to the specific project or file you want scanned, and avoid running it from your home directory or other broad private locations.

What this means

Installing this way could affect the system Python environment or pick up a future package version with different behavior.

Why it was flagged

The setup step installs an unpinned external Python package and uses --break-system-packages, which can modify the system-managed Python environment. The step is disclosed and user-directed, so this is a supply-chain/environment note rather than evidence of malicious behavior.

Skill content

pip3 install rich --break-system-packages --quiet

Recommendation

Install dependencies in a virtual environment, avoid --break-system-packages where possible, and consider pinning the Rich package version.