Shoofly Basic
Review
Audited by ClawScan on May 10, 2026.
Overview
Shoofly Basic is mostly consistent with a security-alerting tool, but it asks the agent to persistently log every tool call and references an execution path whose installation/provenance is unclear.
Review the logging behavior before installing. If you use it, restrict logs to summaries, protect ~/.shoofly permissions, verify the notification helper path, and use dedicated notification credentials/channels.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private file contents, command outputs, credentials, or other sensitive information seen during normal agent work could be recorded in a local persistent log.
This requires persistent logging around every tool call, including arguments and returned results, but the artifact does not define redaction, retention, or exclusions for secrets/private content.
Capture: note the tool name, arguments used, and the result returned ... Log: append every tool call + threat evaluation to `~/.shoofly/logs/alerts.log`
Only log threat summaries by default, redact tokens and private data, document retention and permissions, and let users opt into full tool-call logging.
Alert delivery may fail or may execute a different local helper than the one included in the reviewed artifact.
The skill instructs execution of a helper at ~/.shoofly/bin/shoofly-notify, but the provided file is bin/shoofly-notify.sh and there is no install spec showing how the reviewed file becomes that executable.
`telegram`: run `~/.shoofly/bin/shoofly-notify telegram "<alert text>"`
Install the reviewed helper through a clear install step, call it by its packaged path, or verify the target path, ownership, and checksum before the agent runs it.
Configured messaging accounts can be used to send Shoofly alert messages, and those alerts may reveal the agent name and threat type to the selected channel.
The notification helper can read local messaging configuration and use a Telegram bot token to send alert messages, which is expected for a notification feature but involves account authority.
bot_token=$(jq -r '.telegram.bot_token // empty' "$CONFIG" ... curl ... "https://api.telegram.org/bot${bot_token}/sendMessage"
Use dedicated low-privilege notification tokens/channels and avoid placing unrelated credentials in ~/.shoofly/config.json.
When configured, alerts may be sent automatically to terminal, local gateway, Telegram, or WhatsApp channels.
The skill instructs automatic notification actions after detections. This is aligned with its security-alerting purpose, but users should understand it can trigger tool/network actions without a separate confirmation each time.
If threat detected: fire notification immediately, log it, then continue (Basic does NOT block)
Review notification_channels before enabling the skill and keep automatic delivery limited to channels you trust.
Security warnings may double as marketing messages, which can make it harder to separate urgent safety information from promotion.
The required warning text includes a promotional upsell inside security alerts, which is disclosed but could influence user trust during a security event.
Try ⚡🪰⚡ SHOOFLY ADVANCED to block attacks before they're inside your agent infra. shoofly.dev/advanced
Prefer neutral alert text, or make promotional content optional and clearly separate from threat details.
