DepGuard
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using a malicious or malformed license key could potentially run unintended local commands when Pro or Team features validate the license.
A decoded license JWT payload, ultimately controlled by the configured license key, is interpolated directly into Python code executed with python3 -c. A crafted payload containing quotes or code syntax could change what the interpreter runs during license checks.
payload=$(decode_jwt_payload "$key") ... tier=$(extract_field "$payload" "tier") ... python3 -c "import json; print(json.loads('$json').get('$field', ''))"Do not interpolate JSON or paths into interpreter source strings. Pass data via stdin, files, environment variables, or argv; properly escape values; and verify JWT signatures before trusting license claims.
A user may believe dependency names and versions never leave the machine, when the underlying audit tools may contact external registries or vulnerability databases.
The implementation invokes native audit tools such as npm audit, pip-audit, safety, govulncheck, composer audit, and similar commands. Those tools may query external vulnerability services with package metadata, so the blanket privacy statement is under-disclosed.
- All scanning happens locally using native audit tools - No code or dependency data is sent externally
Clarify which audit tools may use network services, what dependency metadata they may send, and provide an explicit offline mode or user approval before networked audits.
Scans and fixes can reveal dependency metadata to provider tools and auto-fix can change package versions or lockfiles.
Delegating to package-manager audit and fix tools is central to the skill's purpose, but these commands can affect project dependencies and may interact with external package ecosystems.
Runs native audit commands (npm audit, pip-audit, cargo audit, etc.) ... `depguard fix [directory]` Auto-fix vulnerabilities by upgrading to patched versions where available.
Run scans/fixes only in intended project directories, review package and lockfile diffs, and avoid auto-fix on critical branches without version control.
After installation, commits that modify lockfiles may be blocked until vulnerabilities are addressed or the hook is bypassed.
The hook configuration persists a pre-commit action that sources the skill scanner and runs on lockfile changes. This is disclosed and scoped to the repository, with an uninstall path.
pre-commit: ... source "$DEPGUARD_SKILL_DIR/scripts/scanner.sh" ... do_scan . ... fail_text: Dependency vulnerabilities detected!
Install hooks only in repositories where this behavior is desired, keep the skill directory protected from tampering, and use the documented uninstall command if continuous checks are no longer wanted.
The skill can access the configured DepGuard license key locally for feature gating.
The skill reads a DepGuard license key from either an environment variable or the OpenClaw config. This is declared and expected for paid features.
OPENCLAW_CONFIG="${HOME}/.openclaw/openclaw.json" ... DEPGUARD_LICENSE_KEY="${DEPGUARD_LICENSE_KEY:-}" ... cfg.get('skills', {}).get('entries', {}).get('depguard', {}).get('apiKey', '')Store the license key only in the intended OpenClaw config or environment variable, and avoid sharing logs or terminal output that may expose configuration details.