Back to skill
Skillv1.0.11
ClawScan security
AgentMFA · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 19, 2026, 12:47 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's requested binaries, env var, and install method match its stated purpose (running a local MCP proxy that calls api.agentmfa.ai) and there are no obvious incoherent requirements.
- Guidance
- This skill appears coherent, but verify before installing: 1) Inspect the npm package source (github link) and pin to a specific release (do not use unpinned npx latest). 2) Verify the binary checksum after installation to ensure it matches the release. 3) Review the privacy/security policy and what fields (action, context) are sent to api.agentmfa.ai — avoid including secrets or full sensitive payloads in the context. 4) Limit the AGENTMFA_API_KEY scope if possible and rotate keys regularly. 5) Consider running the MCP binary in a restricted environment (limited network access/logging) while you evaluate its behavior. 6) If you require higher assurance, perform an internal code audit of the mcp/ subdirectory and review the npm package's maintainers and release history.
Review Dimensions
- Purpose & Capability
- okThe skill is an MFA/approval gateway and requires a local MCP binary (installed from an npm package) and an AGENTMFA_API_KEY. These requirements are proportionate to a service that pauses agent actions and forwards approval requests to api.agentmfa.ai. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope
- okSKILL.md instructs the agent to use the local MCP tools (request_approval, wait_for_approval, check_approval_status) and explicitly says the MCP server performs outbound HTTPS calls. The instructions do not tell the agent to read unrelated system files or to transmit extra data. It warns not to log one-time approval codes (good).
- Install Mechanism
- noteInstallation is via an npm package (@agentmfa/mcp) that creates a local binary (agentmfa-mcp). Using a published npm package is expected for this purpose, but npm packages run arbitrary code on install — follow the skill's own advice to pin versions and review the repository and checksums before installing.
- Credentials
- okOnly AGENTMFA_API_KEY is required and declared as the primary credential. That is reasonable for a third-party approval service. Users should confirm the API key's scope and what data the service receives in approval requests (action/context may include sensitive details).
- Persistence & Privilege
- okThe skill does not request always:true or system-wide configuration changes. It installs a local helper binary (normal for this use). Model invocation is enabled (default) which is standard; this alone is not a coherence problem.