Drift Guard

Pass

Audited by ClawScan on May 1, 2026.

Overview

Drift Guard appears to be a local Python text-analysis tool, with the main things to review being its executable Python config file and the local history/alert files it creates.

This looks safe to use as a local monitoring helper if you understand where it writes files. Before installing, review config.py, keep baseline/history/alert files in a trusted location, avoid untrusted config files, and only set up cron automation if you want ongoing scheduled checks.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If someone gives you a malicious config.py, running the tool with that config could execute code on your machine.

Why it was flagged

A configuration file is imported as a Python module, so loading an untrusted config file could execute its top-level Python code. This is disclosed by the Python-based config workflow and appears purpose-aligned, but it is more powerful than a plain data config.

Skill content

sys.path.insert(0, str(Path(args.config).parent))
module_name = Path(args.config).stem
config_module = __import__(module_name)
config = config_module.CONFIG

Recommendation

Create config.py yourself from the included template, review any config before use, and avoid loading config files from untrusted sources.

What this means

If baseline or history files are modified, deleted, or replaced, future drift alerts and trend reports could be misleading.

Why it was flagged

The tool loads a saved baseline and appends measurements to a persistent history file, which then affects future drift scores and reports.

Skill content

self.baseline = json.load(f)
...
self.history.append(record)
...
json.dump(self.history, f, indent=2)

Recommendation

Store baseline and history files in a trusted project directory, back up known-good baselines, and do not treat drift scores as a substitute for human review.

What this means

A cron job would keep running on a schedule and continue writing drift history or alerts until you remove it.

Why it was flagged

The README documents optional recurring execution through cron. It is user-directed and not installed automatically, but it is a persistence mechanism if the user chooses to add it.

Skill content

### Automatic Drift Checks via Cron
# Check drift every hour
0 * * * * cd /path/to/agent && python drift_guard.py latest_response.txt

Recommendation

Only add scheduled jobs if you need continuous monitoring, document where they are installed, and remove them when no longer needed.