Skill v1.0.1
ClawScan security
Kefal Guard · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 25, 2026, 2:21 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally consistent with its stated purpose: it is an instruction-only wrapper that expects a separately installed kefal-agent binary which performs read-only host telemetry and reports to kefal.dev; verify the vendor and binary before installing.
- Guidance
- This skill is coherent with its description, but you should not install the kefal-agent binary without verification. Before installing: 1) Manually download the binary only from the vendor site (https://kefal.dev) and verify the SHA-256 and reproducible-build claims; 2) Review the installation docs and confirm what telemetry is sent to kefal.dev and the vendor's privacy/security policy; 3) Install in a controlled environment first (or on a non-production host) and inspect the systemd/service configuration the agent creates; 4) Understand the agent needs outbound HTTPS and may require sudo for full visibility — limit that scope if needed; 5) If you do not trust the vendor, do not install the agent even though the skill itself is instruction-only.
Review Dimensions
- Purpose & Capability
- ok · Name/description (infrastructure security monitor) matches what the skill asks for: a locally installed kefal-agent binary that inspects processes, ports, accounts, and SSH authorized_keys and reports to kefal.dev. Required binaries and OS restrictions align with the declared purpose.
- Instruction Scope
- note · SKILL.md instructs the agent to use exec to run `kefal-agent --status` / `--scan` and present results; the skill itself does not instruct reading unrelated files or exfiltrating data. Minor ambiguity: the frontmatter says 'Manual install, no auto-execution' while the README/description describe an agent that scans every 60s — this appears to mean the skill will not auto-download/execute remote code, but the installed agent may run periodically as a service. Confirm that you must manually install and review the binary before enabling the agent.
- Install Mechanism
- ok · No install spec in the skill (instruction-only), so nothing is written to disk by the skill itself. The binary is installed manually per vendor docs (lower risk for the skill package), but the operator must review the binary and follow the provided verification steps (checksums, reproducible-build claims).
- Credentials
- ok · The skill does not request environment variables or credentials. The agent requires outbound HTTPS access to kefal.dev and initial sudo during installation for full visibility — both are consistent with system-monitoring functionality. No unrelated credentials are requested.
- Persistence & Privilege
- ok · `always` is false and the skill does not request persistent platform privileges. Any persistent behavior (periodic scans, systemd service) would come from the separately installed agent, not the skill itself. The skill does not modify other skills or global agent config.
