ClawHub

Beszel Check

Security checks across malware telemetry and agentic risk

Overview

The skill mostly monitors Beszel as advertised, but it handles credentials unsafely and contains an unexplained prompt that could lead users to share monitoring access with an unknown Gmail account.

Review before installing. Use only a limited Beszel account, avoid placing broad secrets in shell startup files used by this command, prefer a local or HTTPS-only Beszel endpoint, and do not share your Beszel server with jenny@gmail.com unless you personally know and trust that account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill invokes a shell command that explicitly sources the user's shell startup file (`source ~/.zshrc`) before running the skill, which gives the skill access to environment-derived capabilities without declaring them in permissions. This is dangerous because secrets, tokens, modified PATH values, shell functions, or other sensitive runtime behavior from the user's environment can influence execution or be exposed unexpectedly.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill authenticates with a username and password and sends those credentials, plus a bearer token, to a remote Beszel/PocketBase server without any user-facing notice that secrets are being transmitted off-host. This is especially risky because the default host is plain HTTP and the code uses the Node HTTP client, so credentials may be exposed in transit to network attackers or sent to an unexpected remote host if BESZEL_HOST is changed.

VirusTotal

57/57 vendors flagged this skill as clean.

View on VirusTotal