skill_guard Security Report — Low Risk | ClawSafe

15 /100

skill_guard

Security scanner for AI Skills - scans code for risks before install or use

Legitimate security scanner tool that detects risk patterns in code, though with documentation-code mismatch for remote inspection feature.

Skill Nameskill_guard

Duration33.1s

Enginepi

✓

Safe to install

This skill is a genuine security scanner for AI skills. Use as intended for auditing unknown code. No malicious behavior detected.

Findings 2 items

Severity	Finding	Location
Low	Undocumented/Unimplemented Feature Doc Mismatch SKILL.md documents inspect_remote() function for remote skill inspection, but this function is not implemented in skill_guard.py. Only scan() and check() are available. `def check(skill: str)...` → Remove inspect_remote from documentation or implement the function.	`skill_guard.py:1`
Low	Pattern Detection False Positives Doc Mismatch RISK_PATTERNS flags benign code patterns like 'input(', 'getpass', 'os.environ' as suspicious, which may produce false positives when scanning legitimate security tools. `(['input(', 'getpass', 'askpassword', '密码输入', '输入密码'], '诱导输入', '🟠 高')` → Refine pattern matching to reduce false positives in legitimate tools.	`skill_guard.py:1`

Resource	Declared	Inferred	Status	Evidence
Filesystem	`READ`	`READ`	✓ Aligned	_find_files() uses os.walk() to read file tree
Network	`READ`	`NONE`	✓ Aligned	SKILL.md mentions inspect_remote() but function not implemented
Shell	`NONE`	`NONE`	—	No shell execution found
Environment	`NONE`	`NONE`	—	Code does not read environment variables

2 files · 9.1 KB · 245 lines

Python 1f · 174L Markdown 1f · 71L

├─ 🐍 skill_guard.py Python 174L · 7.0 KB

└─ 📝 SKILL.md Markdown 71L · 2.1 KB

Package	Version	Source	Known Vulns	Notes
`Python standard library only`	`N/A`	stdlib	No	Only uses os, re, json, dataclasses, typing, enum - all built-in modules

✓ No actual malicious code execution detected - only pattern matching definitions

✓ No credential harvesting or data exfiltration

✓ No network-based C2 communication or data theft

✓ No reverse shell, backdoor, or persistence mechanisms

✓ Scanner reads files only for pattern matching, no destructive operations

✓ No obfuscation techniques (base64/rot13 in patterns are detection rules, not actual obfuscation)

✓ Dependencies are standard library only - no external supply chain risk