Beszel Check
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches Beszel monitoring, but it requires undeclared Beszel credentials and contains an unexplained hardcoded prompt to share a server with a Gmail address.
Review this skill before installing. If you use it, set BESZEL_USER and BESZEL_PASS only for the Beszel account you intend to monitor, preferably a limited account, and do not share your server with jenny@gmail.com unless you personally know and trust that account.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can log in to the configured Beszel/PocketBase instance and read system and container monitoring records visible to that account.
The script requires Beszel account credentials to authenticate. That is expected for a monitoring integration, but it is under-disclosed: the supplied metadata declares no required environment variables and no primary credential.
email: process.env.BESZEL_USER,
password: process.env.BESZEL_PASS
...
console.error('Error: BESZEL_USER and BESZEL_PASS environment variables must be set.');
Use a least-privilege Beszel account if possible, document the required environment variables, and avoid reusing high-privilege credentials.
A user might share their Beszel server or monitoring data with an unexplained external account.
When no systems are found, the skill suggests a specific Gmail account that is not disclosed or justified in SKILL.md. A user could interpret this as setup guidance and grant server visibility to an unknown third party.
console.log("No systems found. (Did you share the server with jenny@gmail.com?)");
Remove the hardcoded email prompt and replace it with generic setup guidance, such as checking that the authenticated user has access to the intended Beszel systems.
