Trust Assessment
guardian-angel received a trust score of 100/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 1 finding: 0 critical, 0 high, 0 medium, and 0 low severity. Key findings include Theoretical Hook Priority Override Risk.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings1
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| INFO | Theoretical Hook Priority Override Risk The Guardian Angel plugin registers its `before_tool_call` hook with a very low priority (-10000) to ensure it runs last and can enforce security decisions. However, the plugin itself notes a limitation in the OpenClaw platform: it cannot programmatically verify if other plugins might register hooks with an even lower priority. If such a plugin exists, it could theoretically override Guardian Angel's decisions, bypassing its security controls. This is a self-reported limitation of the platform's introspection capabilities, not a direct vulnerability in Guardian Angel's code, but it highlights a potential weakness in the overall plugin execution order. This is a platform-level limitation. If OpenClaw provides hook introspection APIs in the future, Guardian Angel could be updated to actively detect and warn about lower-priority hooks. For now, ensure that no other plugins are installed that register `before_tool_call` hooks with a priority lower than -10000, or that any such plugins are trusted and do not bypass security controls. | LLM | plugin/src/diagnostics.ts:30 |
Scan History
Embed Code
[](https://skillshield.io/report/5638b91678cec904)
Powered by SkillShield