Wip File Guard
Pass
Audited by ClawScan on May 1, 2026.
Overview
The artifacts describe and implement a local guard hook that blocks certain overwrites of identity or memory files, with no evidence of hidden network access, credential use, or destructive behavior.
This skill appears safe for its stated purpose if you want a persistent local guard against accidental overwrites of identity and memory files. Before installing, verify the npm package/source, review the protected filename and path patterns, and know how to remove the hook if it blocks legitimate edits.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
After installation, the agent may be blocked from overwriting or making large replacements in files whose names or paths match the guard rules.
The hook intentionally denies some Write/Edit tool calls for protected files, directly controlling agent tool behavior.
if (toolName === 'Write') { ... deny(`BLOCKED: Write tool on ${match} is not allowed. Use Edit to make specific changes.`);
Review the protected filenames, path patterns, and line-removal thresholds before enabling the hook, and adjust them if they are too broad for your workspace.
The guard remains active across relevant agent tool-use events until the hook/plugin configuration is removed.
The plugin registers a lifecycle hook that continues running before tool use once installed.
"lifecycle": { "before_tool_use": "./guard.mjs" }
Install it only if you want persistent file-edit blocking, and keep track of where it is registered so you can disable it when needed.
The install path is understandable, but users should make sure the npm package and repository are the intended ones before installing.
The registry-level provenance fields do not identify a source or homepage, even though the included package files reference an npm package and GitHub repository.
Source: unknown; Homepage: none
Verify the npm package name, publisher, and repository URL, especially because the displayed registry provenance is incomplete.
The local guard can inspect edit payload text for protected memory or identity files, although the artifacts show no storage or transmission of that content.
For Edit operations, the hook receives the old and new text snippets for protected files, which may include identity, memory, journal, or context content.
const oldString = toolInput.old_string || ''; const newString = toolInput.new_string || '';
Use a trusted local installation and review the protected patterns if your memory or journal files contain especially sensitive content.
