OpenClaw Safety Guard

The SKILL.md describes a CLI tool (examples like `safety-guard ...`) and references Python + PyYAML installation, but the published package contains no code files or executable. The registry metadata lists python3 as a required binary but provides no actual binary or script. This incoherence (a claimed tool with no implementation) is unexpected and unexplained.

Instructions describe reading URLs and local files (e.g., /path/to/file.pdf) and a config path (~/.safety-guard/config.json), which is reasonable for a content-scanning tool, but the SKILL.md is high-level and presumes a runtime component that isn't present. It also mentions optional services (FIRECRAWL, APIFY) and many model API keys — these would enable network access and third-party services if implemented, but the actual behavior is unknown because no code is included.

Registry shows 'no install spec', yet SKILL.md metadata contains an install hint (pip install PyYAML). That discrepancy means there is no verified, repeatable installation path included with the published skill. Lack of a proper install manifest for a tool that claims to be a CLI is a red flag.

The registry lists no required environment variables, but SKILL.md instructs users to set multiple provider API keys (OPENAI_API_KEY, ANTHROPIC_API_KEY, XAI, GEMINI_API_KEY and optional FIRECRAWL/APIFY tokens). Requiring numerous unrelated provider keys is plausible for a multi-model guard, but the package does not declare or justify those env requirements, increasing the risk of unexpected credential use if an implementation is obtained elsewhere.

The skill does not request 'always: true' and is user-invocable only. It does reference an optional config file under the user's home directory, which is normal for CLI tools. There is no evidence here of the skill attempting to modify other skills or request persistent elevated privileges.