Safety Guard URLs or files with the safety-guard CLI (web, PDFs, images, audio, YouTube).
Security Analysis
medium confidenceThe skill’s stated behavior is mostly coherent, but its packaged metadata does not match the registry identity, and it relies on an external CLI plus cloud API keys, so it should be reviewed before installation.
The skill’s purpose is coherent with invoking the safety-guard CLI on URLs, local files, and YouTube links, but that capability can involve sensitive user content.
The SKILL.md provides example commands and option references; it does not instruct the agent to run destructive actions, bypass approvals, or perform unrelated tasks.
The disclosed Homebrew install is purpose-aligned, but the included _meta.json identifies a different owner and slug than the registry listing, creating a material provenance and package-identity mismatch.
Provider API keys and optional Firecrawl/Apify tokens are disclosed and relevant to the CLI, but they are sensitive credentials and are not declared in the registry requirements.
Only an optional user-scoped config file is documented; there is no artifact evidence of privileged persistence, background services, or autonomous long-running behavior.
Guidance
Before installing, verify the package identity mismatch is resolved and confirm you trust the Homebrew formula and any configured providers. If you proceed, use limited provider credentials and avoid running the CLI on sensitive files or private URLs unless you are comfortable sending that content to the selected services.
Latest Release
v1.0.0
Initial release
More by @john-niu-07
Published by @john-niu-07 on ClawHub
