Agent Guard

Advisory

Audited by static analysis on May 10, 2026.

Overview

Detected: suspicious.dynamic_code_execution, suspicious.obfuscated_code, suspicious.prompt_injection_instructions

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Concern (medium confidence)
ASI02: Tool Misuse and Exploitation
What this means

A malicious message could potentially trigger local command execution through the scanning command itself if the agent follows the example by interpolating untrusted text into a shell.

Why it was flagged

These commands are meant to process untrusted messages and GitHub issue text. If an agent substitutes raw content into these double-quoted shell snippets, shell syntax such as command substitution or broken quoting could execute before AgentGuard scans the content.

Skill content
Run `python3 scripts/agent_guard.py analyze --stdin --json <<< "MESSAGE_CONTENT"` ... `python3 scripts/agent_guard.py github-issue --json --title "TITLE" --body "BODY"`
Recommendation

Invoke the scanner without shell interpolation: pass content through a safe stdin API, an argument array, a temporary file, or a properly quoted heredoc, and avoid embedding untrusted text directly in a shell command.

What this means

The skill may fail at runtime or behave inconsistently on systems without the expected local interpreters.

Why it was flagged

The skill's instructions and wrapper script rely on `python3`/bash to run `scripts/agent_guard.py`, but the registry metadata does not declare those runtime binaries. This is purpose-aligned but may prevent preflight checks from catching missing dependencies.

Skill content
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Recommendation

Declare the required local runtime binaries, especially python3 and any shell wrapper requirement, in the skill metadata.

Findings (5)

critical: suspicious.dynamic_code_execution
Location: tests/test_agent_guard.py:142
Finding: Dynamic code execution detected.

warn: suspicious.obfuscated_code
Location: tests/test_agent_guard.py:373
Finding: Potential obfuscated payload detected.

warn: suspicious.prompt_injection_instructions
Location: references/false-positives.md:25
Finding: Prompt-injection style instruction pattern detected.

warn: suspicious.prompt_injection_instructions
Location: references/threat-patterns.md:46
Finding: Prompt-injection style instruction pattern detected.

warn: suspicious.prompt_injection_instructions
Location: SKILL.md:96
Finding: Prompt-injection style instruction pattern detected.