diff --git a/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts b/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts
index ee1220f..142f036 100644
--- a/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts
+++ b/skills/clawsec-suite/hooks/clawsec-advisory-guardian/handler.ts
@@ -12,6 +12,7 @@ const DEFAULT_FEED_URL = "https://clawsec.prompt.security/advisories/feed.json";
 const DEFAULT_SCAN_INTERVAL_SECONDS = 300;
 let unsignedModeWarningShown = false;
+let checksumBypassWarningShown = false;
 function parsePositiveInteger(value: string | undefined, fallback: number): number {
 const parsed = Number.parseInt(String(value ?? ""), 10);
@@ -160,6 +161,14 @@ const handler = async (event: HookEvent): Promise => {
 );
 }
+ if (!verifyChecksumManifest && !checksumBypassWarningShown) {
+ checksumBypassWarningShown = true;
+ console.warn(
+ "[clawsec-advisory-guardian] CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0 is enabled. " +
+ "This disables checksum verification and should be used with caution.",
+ );
+ }
+
 const forceScan = toEventName(event) === "command:new";
 const state = await loadState(stateFile);
 if (!forceScan && scannedRecently(state.last_hook_scan, scanIntervalSeconds)) {
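Review bot: The warning added in the second hunk says only that the setting "should be used with caution"; it does not tell the operator what stops being checked, and because `checksumBypassWarningShown` latches it to once per process the line is easy to lose in a long-running host's logs. I would state the consequence in the message, e.g. `"Checksum manifest verification is disabled; advisory feed content is not checked against the manifest. Do not use outside local testing."`. How `verifyChecksumManifest` is computed is not visible here, so if anything other than `CLAWSEC_VERIFY_CHECKSUM_MANIFEST=0` can clear it, the text should not hard-code `=0`. If the unsigned mode tracked by `unsignedModeWarningShown` can be active at the same time, the feed is presumably left with no integrity check at all, and that combination deserves its own louder warning. The handler body starts and ends outside the hunk.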