ClawGuard-Detector

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This security skill is purpose-aligned in concept, but it overstates its protection and automatically invokes an unbundled external learning module that can persist command/file details into future safety behavior.

Review this skill carefully before installing. Its threat-detection purpose is reasonable, but the provided implementation does not fully match the real-time protection claims, and it can invoke an undeclared external learning module that persists behavior across sessions. Only use it if you can inspect that dependency, limit what it monitors, and control or disable persistent auto-learning.

Static analysis

Dangerous exec

Critical
Finding
Shell command execution detected (child_process).

Prompt injection instructions

Warn
Finding
Prompt-injection style instruction pattern detected.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

Users may believe they have active runtime blocking and monitoring when the included implementation mostly provides manual checks and logging stubs.

Why it was flagged

This contradicts the README/SKILL claims that the detector runs continuously and analyzes every executed command, creating a risk that users over-trust protection that is not actually implemented in the provided code.

Skill content
// In production, would hook into command execution
// For now, provide methods to check commands
Recommendation

Treat this as advisory tooling unless the publisher provides implemented runtime hooks, accurate documentation, and clear evidence of real enforcement behavior.

ASI05: Unexpected Code Execution
High
What this means

If an unexpected or modified sibling file exists at that path, this skill could execute code outside the reviewed package whenever a threat is detected.

Why it was flagged

On each detected threat, the CLI automatically launches a Node process for a sibling module that is not included in this skill's manifest or install spec.

Skill content
const safetyCliPath = path.join(__dirname, '../self-improving-safety/cli.js'); ... spawn(process.execPath, [safetyCliPath, 'learn'], {
Recommendation

Do not install unless the external self-improving-safety dependency is supplied, reviewed, pinned, and clearly declared; otherwise disable or remove the automatic spawn behavior.

ASI06: Memory and Context Poisoning
Medium
What this means

Sensitive command details or misleading patterns could be stored and reused later, potentially causing false blocks or leaking context into future safety decisions.

Why it was flagged

The skill explicitly describes persisting learned rules from detected activity, which can affect future sessions and may be influenced by untrusted command or prompt content.

Skill content
**Continuous Improvement**: These rules are persisted to prevent similar attack vectors in future sessions.
Recommendation

Require user review before persisting learned rules, redact secrets from logs, document retention, and provide a clear way to inspect and delete learned safety state.

ASI03: Identity and Privilege Abuse
Low
What this means

The detector may need visibility into commands, file paths, logs, and network activity that could include private or secret information.

Why it was flagged

These broad local-observation permissions are understandable for a threat detector, but they can expose sensitive operational data and are not reflected in the registry requirements.

Skill content
- Read access to OpenClaw process logs
- Command history access
- Network monitoring capabilities (optional)
- File system monitoring (optional)
Recommendation

Run it only in environments where such monitoring is acceptable, and confirm exactly which logs, histories, and file/network events it can access.