Scan Report
0/100
clawguard-auditor
ClawGuard v3 - AI Agent Security Toolkit
ClawGuard v3 Auditor is a legitimate security auditing tool with no malicious behavior detected - it performs exactly as documented with no hidden functionality.
Safe to install
This skill is safe to use for auditing AI Skills. No security concerns identified.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Filesystem | READ | READ | ✓ Aligned | Uses fs.readFileSync only for reading skill files, not writing sensitive paths |
| Network | READ | READ | ✓ Aligned | Makes HTTPS requests only to official registries for CVE checks |
| Shell | NONE | NONE | — | No child_process, exec, or shell spawning detected |
| Environment | NONE | NONE | — | No process.env access for credentials |
File Tree
9 files · 69.7 KB · 2339 lines
JavaScript 5f · 1514L
Markdown 2f · 804L
JSON 2f · 21L
├─ src
│  ├─ auditor.js (JavaScript)
│  ├─ intent-drift-detector.js (JavaScript)
│  ├─ sast-analyzer.js (JavaScript)
│  └─ supply-chain-analyzer.js (JavaScript)
├─ _meta.json (JSON)
├─ cli.js (JavaScript)
├─ package.json (JSON)
├─ README.md (Markdown)
└─ SKILL.md (Markdown)
Security Positives
✓ Zero external dependencies - package.json shows empty dependencies object, eliminating supply chain risk
✓ Uses only Node.js built-in modules (fs, path, https, http) - no third-party code
✓ All network requests are documented HTTPS calls to official package registries for CVE checks
✓ No credential harvesting, no hardcoded secrets, no sensitive file access
✓ No obfuscation techniques (base64 decode, hex encoding, zero-width chars)
✓ No reverse shell signatures, no C2 patterns, no data exfiltration
✓ Intent matches declared purpose: legitimate security auditing tool
✓ Comprehensive SAST rules are defensive in nature (detecting malicious patterns)
✓ Intent drift detector analyzes code for discrepancies between documentation and behavior