Agent Guard

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill mostly matches its security-scanner purpose, but its instructions show unsafe shell-command examples that could execute untrusted text before it is scanned.

Install only if you are comfortable reviewing and running the local Python scanner. Before using it on untrusted text, adjust the invocation so content is passed safely to stdin or an argument array, not pasted into a shell command. Treat its detections as advisory rather than a replacement for sandboxing and human approval for risky actions.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern · Medium Confidence
ASI02: Tool Misuse and Exploitation
What this means

A malicious message could potentially trigger local command execution through the scanning command itself if the agent follows the example by interpolating untrusted text into a shell.

Why it was flagged

These commands are meant to process untrusted messages and GitHub issue text. If an agent substitutes raw content into these double-quoted shell snippets, shell syntax such as command substitution or broken quoting could execute before AgentGuard scans the content.

Skill content

Run `python3 scripts/agent_guard.py analyze --stdin --json <<< "MESSAGE_CONTENT"` ... `python3 scripts/agent_guard.py github-issue --json --title "TITLE" --body "BODY"`

Recommendation

Invoke the scanner without shell interpolation: pass content through a safe stdin API, an argument array, a temporary file, or a properly quoted heredoc, and avoid embedding untrusted text directly in a shell command.

What this means

The skill may fail at runtime or behave inconsistently on systems without the expected local interpreters.

Why it was flagged

The skill's instructions and wrapper script rely on `python3`/bash to run `scripts/agent_guard.py`, but the registry metadata does not declare those runtime binaries. This is purpose-aligned but may prevent preflight checks from catching missing dependencies.

Skill content

Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.

Recommendation

Declare the required local runtime binaries, especially python3 and any shell wrapper requirement, in the skill metadata.