ClawShield Lite – AI Skill Security Scanner
Security checks across malware telemetry and agentic risk
Overview
This appears to be a benign local pattern scanner, but its “SAFE” output should not be treated as a complete security approval.
This skill looks safe to run as a local, lightweight scanner. Treat its output as advisory: a “SAFE” result only means none of its listed string patterns were found, not that the scanned skill is definitely secure.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users may place too much trust in a clean result and miss risks that are not covered by the small pattern list.
The scanner uses direct substring matches and labels no-match results as “SAFE,” which is purpose-aligned but could be over-interpreted as a comprehensive security verdict.
if pattern in code: ... if total == 0:
risk_level = "SAFE"Use this as a quick first-pass checker only, and review any skill manually or with a more complete security process before installing.