SKILL Sonar
Pass
Audited by ClawScan on May 1, 2026.
Overview
This instruction-only guard skill appears purpose-aligned and mainly adds safety checks, with no code, install step, credentials, or external data flows shown.
This looks like a benign instruction-only safety guard. Before installing, understand that it may add strict checks and confirmations around tool use, file review, execution, memory writes, and outputs, but the provided artifacts do not show code execution, credential use, installation scripts, or external data transfer.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may cause extra warnings, confirmations, replanning, or denials for actions it considers risky.
This gives the skill broad control over subsequent agent actions once the runtime guard is active. It is safety-oriented and matches the lifecycle guard purpose, but users should notice the broad gating behavior.
If any trigger is detected, enter guarded mode immediately. In guarded mode, do not execute any subsequent action unless it first passes triage.
Use it if you want strict runtime safety checks, and treat its guard behavior as advisory rather than as a replacement for user judgment or platform policy.
When used for skill review, the agent may inspect all files inside the target skill package.
The preflight workflow involves broad local reading of a target skill package. This is appropriate for auditing and is explicitly bounded to the candidate skill directory.
Read every file within the candidate skill's directory — not just SKILL.md, but README, configuration files, scripts, examples, and any nested or supporting files.
Confirm the target skill directory is correct, and keep the stated boundary that no files outside the candidate skill package should be read.
Users or agents could give the guard's advice more authority than intended.
The skill frames its own guard rules alongside system-prompt authority. This can be acceptable inside a guard workflow, but a user-installed skill should not be over-trusted as platform-level authority.
| P3 | System prompt, guard rules | Binding |
Treat the guard as a safety aid; platform/system instructions and the user's explicit goals should remain the real authority boundaries.
