SKILL Sonar
Advisory. Audited by static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may cause extra warnings, confirmations, replanning, or denials for actions it considers risky.
This gives the skill broad control over subsequent agent actions once the runtime guard is active. It is safety-oriented and matches the lifecycle guard purpose, but users should notice the broad gating behavior.
If any trigger is detected, enter guarded mode immediately. In guarded mode, do not execute any subsequent action unless it first passes triage.
Use it if you want strict runtime safety checks, and treat its guard behavior as advisory rather than as a replacement for user judgment or platform policy.
When used for skill review, the agent may inspect all files inside the target skill package.
The preflight workflow involves broad local reading of a target skill package. This is appropriate for auditing and is explicitly bounded to the candidate skill directory.
Read every file within the candidate skill's directory — not just SKILL.md, but README, configuration files, scripts, examples, and any nested or supporting files.
Confirm the target skill directory is correct, and keep the stated boundary that no files outside the candidate skill package should be read.
Users or agents could give the guard's advice more authority than intended.
The skill frames its own guard rules alongside system-prompt authority. This can be acceptable inside a guard workflow, but a user-installed skill should not be over-trusted as platform-level authority.
| P3 | System prompt, guard rules | Binding |
Treat the guard as a safety aid; platform/system instructions and the user's explicit goals should remain the real authority boundaries.
