Back to skill

Security audit

Kefal Guard

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed host-security monitoring skill that uses a separately installed Kefal agent, but users should understand it can collect and upload sensitive server metadata.

Install only if you want Kefal monitoring this machine and are comfortable with host security metadata being sent to kefal.dev. Review the separate kefal-agent binary and install guide, verify checksums, and consider requiring confirmation before running full scans from broad security questions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is configured to activate on broad, generic security-related prompts and instructs the agent to run a local binary in response. That can cause the skill to engage outside a narrowly scoped user request, increasing the chance of unintended execution of a telemetry/scanning tool and unnecessary disclosure of host-security data.

Vague Triggers

Medium
Confidence
94% confidence
Finding
The example trigger phrase 'is my server secure?' / 'audit my setup' is overly broad and maps directly to running a full scan. In a skill ecosystem, such generic wording can cause this skill to activate unexpectedly and initiate sensitive host inspection without sufficiently explicit consent or contextual boundaries.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.