Semantic Shield
Pass
Audited by ClawScan on May 1, 2026.
Overview
Semantic Shield appears to be a coherent instruction-only security-check service, but it relies on a vendor API key, external lookups, and vendor trust claims that users should treat as advisory.
This skill looks safe to install as an instruction-only integration, provided you are comfortable using a third-party safety-scoring service. Before use, create or use a revocable Semantic Shield API key, monitor quota usage, and submit only public or non-sensitive skill information. Treat its safety scores as advisory rather than a replacement for your own review when installing high-impact tools.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this key can make requests as your Semantic Shield account and may consume your lookup or inquiry quota.
The skill requires a vendor API key tied to the user's account. This is expected for the service, but it grants account-authenticated lookup and inquiry usage.
`SEMANTIC_SHIELD_API_KEY` is **always required** ... scoped to your Semantic Shield account only ... revoke and regenerate
Use a dedicated, revocable API key if available, monitor account usage, and avoid placing other secrets in skill names, providers, URLs, or prompts.
Autonomous or frequent use could consume monthly quota or submit a public skill URL to the vendor service.
The documented API operations are the core function of the skill, but some calls spend quota and may submit public skill information for evaluation.
GET /shield/api/v1/check ... Full trust details (costs 1 lookup) ... POST /shield/api/v1/validate ... Submit skill for expert evaluation (costs 1 inquiry)
Use the search/check/validate workflow intentionally, and require user confirmation before submitting non-public or business-sensitive skill identifiers or URLs.
Skill names, providers, and public URLs you submit may leave your environment and become part of a public safety registry.
The skill sends limited skill metadata to an external provider and may create public safety verdicts. The boundary is disclosed and appears purpose-aligned.
Only skill identifiers (`skill_id`), provider names (`provider`), and optionally a public skill URL (`skill_url`) ... Skill safety assessments are stored in the Semantic Shield registry and are available to all users
Submit only public skill information unless you are comfortable with the vendor seeing it and the resulting safety assessment being public.
A user or agent might over-rely on the service's verdicts when deciding whether to install or run another skill.
The skill makes strong authority and safety-review claims. These claims are central to the product and not contradicted by the artifacts, but users should not treat them as absolute proof of safety.
Every skill in the Semantic Shield registry is vetted by US-based security experts with 30+ years of enterprise experience — including work for US Homeland Security. No AI-only reviews. 100% REAL human experts.
Treat Semantic Shield results as one input to a security decision, especially for high-impact installs, enterprise environments, or tools with broad permissions.
