Prompt Guard

Audited by ClawScan on May 10, 2026.

Overview

Prompt Guard appears to be a legitimate security scanner, but review it carefully because its documented defaults can log full messages and report detections to external services.

Before installing, decide whether you need fully offline scanning. If so, disable API and HiveFence reporting, turn off full-message logging or redact logs, and verify the package source and endpoints.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Messages flagged as dangerous may include secrets, PII, or sensitive business content; automatic reporting could send some related data to a third-party service.

Why it was flagged

The example configuration enables an external threat-intelligence service and automatic reporting of high-severity detections, but the artifact does not specify exactly what report payloads contain.

Skill content

hivefence:
    enabled: true
    api_url: https://hivefence-api.seojoon-kim.workers.dev/api/v1
    auto_report: true      # Report HIGH+ detections
    auto_fetch: true

Recommendation

Disable HiveFence auto_report unless you understand the payload, or require explicit opt-in and document/anonymize exactly what is sent.

What this means

Sensitive prompts or malicious instructions could be saved in an agent memory area and later exposed or trusted as context.

Why it was flagged

The documented logging configuration persists full message content under a memory path, which can store sensitive data or attacker-supplied prompt text for later reuse.

Skill content

logging:
    enabled: true
    path: memory/security-log.md
    include_message: true  # Include message content (privacy consideration)

Recommendation

Set include_message to false by default, redact sensitive fields, store logs outside agent memory, and define retention/quarantine behavior.

What this means

Your installation may contact the provider using a bundled beta key rather than a user-controlled credential.

Why it was flagged

The skill uses a built-in provider credential for API-enhanced patterns by default; this is disclosed and purpose-aligned, but users should know requests may rely on a shared service identity.

Skill content

# API enabled by default with built-in beta key — just works
guard = PromptGuard()

Recommendation

Use your own API key or disable API mode with api.enabled=false / PG_API_ENABLED=false if you need fully offline operation.

What this means

It may be harder to verify that the package and its external endpoints match the claimed project.

Why it was flagged

The registry metadata does not provide source or homepage provenance, even though the artifact contains a sizable Python package and references external services.

Skill content

Source: unknown
Homepage: none

Recommendation

Verify the package source, version, and external endpoints before installing, especially for a security tool.