safe-guard

This skill appears to implement what it claims (static scanner, LLM checklist, sandbox, and a PreToolUse hook), but there are red flags that justify extra caution: - Keyword segmentation and many `# noscan` markers: the code fragments keywords (e.g., '.a'+'ws', 'bash'+'rc') to avoid static detection. While the author may claim this prevents false positives, the same technique is commonly used by malware to evade scanners. Ask the author to justify why segmentation is needed and request a version without obfuscation for review. - PreToolUse hook is high-impact: installing the skill will register a hook that runs on tool calls and can block them. Only enable this in environments where you can tolerate a gatekeeper script; prefer scan-only or sandbox-test modes first. - Review permissions and local settings: inspect .claude/settings.local.json and hooks/hooks.json to ensure no platform-level permission escalations or overly permissive allowed commands are being granted implicitly. - Run tests in an isolated environment: before enabling the hook in your main agent, run the skill on non-sensitive sample skills in a disposable VM or container to observe behavior. Use the sandbox-run and quick-scan locally and verify outputs. - Validate source provenance: the package has no homepage and an unknown owner. Prefer code from auditable, known sources or ask the publisher for a transparency statement and reproducible build steps. If you need a short checklist to proceed safely: (1) ask the author why obfuscation is used; (2) run quick_scan.py and sandbox_run.py locally on a copied sample; (3) do not enable hooks in production until reviewed; (4) consider limiting the hook to 'scan-only' or requiring explicit user confirmation before allowing the hook to persist.