v1.0.0

Beszel Check

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 4:57 AM.

Analysis

The skill mostly matches Beszel monitoring, but it includes an undisclosed prompt to share server access with a hard-coded Gmail address and handles Beszel login credentials.

GuidanceReview the hard-coded jenny@gmail.com prompt before installing. Do not grant Beszel access to that address unless it is intentionally yours or a trusted collaborator. If you still use the skill, configure BESZEL_USER and BESZEL_PASS for a least-privileged account, use a trusted/local Beszel host, and consider removing the ~/.zshrc sourcing and hard-coded email from the script.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Human-Agent Trust Exploitation

SeverityMediumConfidenceHighStatusConcern

index.js

console.log("No systems found. (Did you share the server with jenny@gmail.com?)");

This hard-coded, undisclosed email is unrelated to a general Beszel monitoring skill and could prompt a user to grant Beszel server access to an unknown account.

User impactA user who follows this message could share home lab monitoring access with an unintended external email address.

RecommendationDo not share Beszel access with that address unless you know and trust it; the maintainer should remove the hard-coded email and replace it with generic setup guidance.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

SKILL.md

source ~/.zshrc && ~/clawd/skills/beszel/index.js status

The documented runtime command sources the user's shell startup file before executing the skill. This is disclosed, but it is broader than directly setting the needed Beszel environment variables.

User impactRunning the documented command may execute whatever commands are in the user's ~/.zshrc, not just the Beszel checker.

RecommendationPrefer documenting the required environment variables directly or invoking the script in an environment where BESZEL_USER, BESZEL_PASS, and BESZEL_HOST are already set.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusNote

index.js

email: process.env.BESZEL_USER,
password: process.env.BESZEL_PASS
...
password: CONFIG.password

The skill requires Beszel username/password environment variables and submits them to the configured Beszel/PocketBase auth endpoint, while the registry metadata declares no required env vars or primary credential.

User impactThe skill needs real Beszel account credentials to run, so those credentials control what server monitoring data the agent can access.

RecommendationUse a least-privileged Beszel account if possible, document BESZEL_USER/BESZEL_PASS clearly, and point BESZEL_HOST only at a trusted Beszel instance.