Trusted — Risk Score 5/100
Last scan: 23 hr ago
clawguard-guardian
ClawGuard Guardian v3 - Runtime guardian with behavior monitoring, interception, session freeze/replay, and emergency response
This is a legitimate security monitoring tool (ClawGuard Guardian v3) with no malicious behavior detected. The flagged IOCs (nc -e, /dev/tcp/, rm -rf) are documented dangerous patterns the tool is designed to detect and block, not actual malicious code.
Skill Name: clawguard-guardian
Duration: 29.4s
Engine: pi
Safe to install
No action required. The skill is safe for use.

Findings 2 items

Severity: Info
Finding: Missing external rule module (Supply Chain)
The code references '../../shared/rules/interceptor-rules.js' which doesn't exist in the package. The rules are hardcoded in SKILL.md documentation.
const rules = require('../../shared/rules/interceptor-rules.js');
→ Either include the rules module or inline the rule definitions in the code.
Location: src/guardian.js:15

Severity: Info
Finding: IOC patterns in documentation are intentional detection rules (Doc Mismatch)
The SKILL.md documents dangerous patterns (nc -e, /dev/tcp/, rm -rf /) as THREATS TO BLOCK, not as capabilities this tool uses. This is legitimate security documentation.
| `nc -e` | 🔴 CRITICAL | BLOCK |
→ No action needed - this is correct security documentation.
Location: SKILL.md:95

| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | guardian.js:140 - Only reads ~/.clawguard/logs/ for audit logs |
| Shell | NONE | NONE | | No shell execution found in code |
| Network | NONE | NONE | | No network requests made |
| Environment | NONE | NONE | | No environment variable access |

3 Critical (3 findings)

| Severity | Finding | Location |
|---|---|---|
| 💀 Critical | Dangerous Command: `rm -rf /` | README.md:147 |
| 💀 Critical | Dangerous Command: `nc -e` | SKILL.md:95 |
| 💀 Critical | Dangerous Command: `/dev/tcp/` | SKILL.md:180 |

File Tree

6 files · 37.6 KB · 1325 lines
JavaScript 2f · 660L Markdown 2f · 642L JSON 2f · 23L
├─ 📁 src
│ └─ 📜 guardian.js JavaScript 592L · 17.5 KB
├─ 📋 _meta.json JSON 7L · 159 B
├─ 📜 cli.js JavaScript 68L · 2.7 KB
├─ 📋 package.json JSON 16L · 493 B
├─ 📝 README.md Markdown 191L · 4.1 KB
└─ 📝 SKILL.md Markdown 451L · 12.7 KB

Dependencies 1 item

| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
| Node.js built-ins (fs, path, events, os) | N/A | built-in | No | Uses only Node.js standard library |

Security Positives

✓ No shell command execution in the codebase
✓ No credential harvesting or environment variable access
✓ No network requests or data exfiltration
✓ No obfuscation techniques (base64, eval) detected
✓ No persistent installation mechanisms (cron, startup scripts)
✓ No suspicious file paths accessed (~/.ssh, ~/.aws, .env)
✓ Clean dependencies with no known vulnerabilities
✓ Well-documented security monitoring rules