Guardian Security — World-Class AI Security & Compliance
Audited by ClawScan on May 10, 2026.
Overview
This instruction-only security skill is mostly purpose-aligned, but it gives the agent broad authority to block deployments and rotate or revoke credentials without clear user approval boundaries.
Install only if you want a strict security-review assistant, and keep it review-only unless you explicitly authorize specific actions. Do not let it rotate keys, revoke access, update deployment secrets, or block production workflows without a human-approved scope and rollback plan.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Finding 1
If the agent has access to deployment or platform tools, it could stop releases or change credentials without a clear confirmation step.
The skill explicitly says the agent may perform high-impact operational actions without asking. Blocking deployments and rotating credentials can disrupt production or account access if done incorrectly.
Skill text:
AUTONOMOUS:
- Blocking a deployment when credentials found in code
- Running security checklists before any deployment
- Rotating scheduled credentials
Recommendation: Make security review the default behavior, but require explicit user approval and a scoped runbook before blocking deployments, rotating keys, revoking access, or modifying production settings.

Finding 2
A user could assume the agent is safe to handle sensitive credentials, while the artifacts do not clearly limit what keys it may inspect, use, rotate, or revoke.
The skill centers high-risk business credentials and account access, but the provided metadata declares no primary credential, required environment variables, or clear account/tool boundaries.
Skill text:
Stripe Secret Key (sk_live_xxx): HIGH RISK — full API access ...
Gumroad Access Token: HIGH RISK ...
SendGrid API Key: HIGH RISK ...
GitHub Personal Access Token: HIGH RISK
Recommendation: Declare any required credentials and scopes explicitly, prefer read-only review flows, and require user confirmation before accessing, displaying, rotating, or revoking any real credential.

Finding 3
A mistaken incident classification could lead to revoked keys, broken deployments, or service interruptions across multiple systems.
The incident-response workflow can propagate changes across production secrets, local configuration, and platform credentials. If triggered on a false positive or incomplete context, it could cause outages or lockouts.
Skill text:
STEP 2 (Within 5 min): Update all uses
- Update Replit Secrets
- Update any .env files
...
STEP 3 (Within 10 min): Revoke old credential
Recommendation: Add containment checks, rollback steps, owner approval, and platform-specific scopes before allowing the agent to change live credentials or deployment secrets.

Finding 4
The agent may delay, refuse, or reframe work as a security review even when the user expected a narrower answer.
The broad activation language can cause the skill to redirect ordinary tasks into security gatekeeping. This is purpose-aligned for a security skill, but users should know it may interrupt or constrain workflows.
Skill text:
Always trigger on any security-adjacent question, even if it seems minor. Security is never optional.
Recommendation: Define narrower invocation criteria and let the user choose whether the agent is only advising, reviewing, or authorized to gate a workflow.
