ClawGuard

Review

Audited by ClawScan on May 10, 2026.

Overview

Prompt-injection indicators were detected in the submitted artifacts (ignore-previous-instructions); human review is required before treating this skill as clean.

This skill looks reasonable for local, read-only scanning of skill folders. Before relying on it, verify the installed scan.py path because the docs reference scripts/scan.py while the manifest shows scan.py at the root, and remember that its findings are heuristic rather than a guarantee that a skill is safe. ClawScan detected prompt-injection indicators (ignore-previous-instructions), so this skill requires review even though the model response was benign.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The skill contains examples or descriptions of unsafe prompt patterns; these should be treated as scan data, not instructions.

Why it was flagged

Prompt-injection language is present, but it is presented as something the scanner detects, not as an instruction for the agent to follow.

Skill content

Scans SKILL.md for hidden instructions that try to hijack the AI agent — patterns like instruction-override patterns, jailbreak phrases

Recommendation

Use the skill only to inspect other skills, and do not let example injection text override your current task or security policy.

What this means

The documented command may fail or users may accidentally run a different file path than the one included in the package.

Why it was flagged

The SKILL metadata and usage examples refer to scripts/scan.py, but the supplied file manifest lists scan.py at the package root, creating a packaging/path mismatch.

Skill content

files:
      - "scripts/*"

Recommendation

After installation, confirm the actual location and contents of scan.py before running the scanner.

What this means

A user may believe the skill can never be invoked by the agent unless explicitly requested, although any resulting activity appears limited to local scanning.

Why it was flagged

The registry metadata shows disable-model-invocation is false, meaning the agent can invoke the skill autonomously under normal platform behavior; the statement overstates the invocation guarantee.

Skill content

OpenClaw will not invoke ClawGuard automatically without your request — it is always user-initiated.

Recommendation

Treat invocation as governed by OpenClaw’s normal skill-selection behavior and review when the agent proposes to run scans.