Scan Report
5 /100
command-guardian
Preflight safety guard for shell and infrastructure commands. Analyzes command risk, path targets, inline secrets, compound structures, and provides rollback guidance before execution.
Command Guardian is a well-structured preflight safety guard that analyzes shell commands for risks. All scripts perform read-only analysis with no side effects. The two flagged IOCs are documentation references to dangerous patterns, not actual executions.
Safe to install
Skill is safe to use. The preflight, classify, path_guard, and rollback_hints scripts all read input and produce reports without executing any commands. The secret_guard pattern detection is read-only analysis only.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | NONE | READ | ✓ Aligned | guardlib.py:326 — open(args.command_file) is user-supplied path only when explic… |
| Shell | NONE | NONE | — | guardlib.py:314 — subprocess.check_output(['git', 'rev-parse', '--show-toplevel'… |
| Network | NONE | NONE | — | No network calls found in any script |
| Environment | NONE | READ | ✓ Aligned | guardlib.py:115 — os.path.expandvars() only expands env vars in the command stri… |
| Skill Invoke | NONE | NONE | — | No dynamic skill invocation |
| Clipboard | NONE | NONE | — | No clipboard access |
| Browser | NONE | NONE | — | No browser access |
| Database | NONE | NONE | — | No database access |
2 Critical 2 findings
Critical Dangerous Command 危险 Shell 命令
curl | sh SKILL.md:54 Critical Dangerous Command 危险 Shell 命令
wget | bash references/tool-patterns.md:30 File Tree
10 files · 36.7 KB · 1041 lines Python 6f · 840L
Markdown 3f · 193L
YAML 1f · 8L
├─
▾
agents
│ └─
openai.yaml
YAML
├─
▾
references
│ ├─
risk-rules.md
Markdown
│ └─
tool-patterns.md
Markdown
├─
▾
scripts
│ ├─
classify_command.py
Python
│ ├─
guardlib.py
Python
│ ├─
path_guard.py
Python
│ ├─
preflight.py
Python
│ ├─
rollback_hints.py
Python
│ └─
secret_guard.py
⚠
Python
└─
SKILL.md
Markdown
Security Positives
✓ All scripts are read-only analysis tools — they classify, detect patterns, and report without executing commands
✓ subprocess is used only for safe git metadata queries (repo root, branch, dirty status) with no shell=True and no user input in subprocess arguments
✓ No credential harvesting — secret_guard.py only performs regex detection on the input command string
✓ No file writes, network requests, or environment variable exfiltration
✓ The 'curl | sh' and 'wget | bash' IOCs are references in documentation describing dangerous patterns, not actual executions
✓ No base64 encoding, eval(), or dynamic code execution
✓ The skill's purpose and behavior are fully documented in SKILL.md with clear capability declarations
✓ No sensitive paths (~/.ssh, ~/.aws, .env) are accessed
✓ Rollback hints and safer commands are suggestions only — the skill never auto-executes