功能描述

Infrastructure security monitor — detects exposed services, privilege escalation paths, and novel threats using compositional reasoning. Read-only host telem...

使用说明 (SKILL.md)

Kefal Guard — Infrastructure Security for OpenClaw

Name: Kefal Guard
Author: davidangularme

Kefal monitors the machine running your OpenClaw gateway. It detects exposed databases, privilege escalation paths, unauthorized SSH keys, novel outbound connections, and services listening where they shouldn't — before an attacker does.

What it does

Kefal installs a lightweight agent (single static binary, ~6 MB) that scans your system every 60 seconds. It reports to your Kefal dashboard at kefal.dev/app, where you see:

A live graph of every host, service, port, and identity on your infrastructure
Incidents with severity levels (critical, high, medium) and plain-English explanations
Remediation plans with the exact shell commands to fix each issue

32 security invariants run on every scan. When something breaks — a new admin account, a service exposed to the internet, an outbound connection to an unknown IP — Kefal tells you what happened, why it matters, and how to fix it.

When to use this skill

After installing OpenClaw on a new server or VPS
Before exposing your gateway to the internet
When installing untrusted third-party skills from ClawHub
As continuous monitoring alongside your OpenClaw agent

Install

The agent is a separate binary that the operator installs and reviews manually — this skill does not download or execute remote code. Platform-specific install instructions, binary checksums, and verification steps are documented at:

https://kefal.dev/docs/installation.html

After install, verify with kefal-agent --version and kefal-agent --status. The skill below assumes the binary is on $PATH.

Commands

/kefal status — Show agent status, last scan time, and open incidents
/kefal scan — Trigger an immediate scan (normally runs every 60s)
/kefal incidents — List all open incidents with severity and details
/kefal remediate \x3Cincident-id> — Show remediation steps for a specific incident
/kefal graph — Open the live infrastructure graph in your browser

How the agent uses this skill

When the user asks about security, infrastructure health, or mentions concerns about exposed services or vulnerabilities, use the exec tool to run kefal-agent --status or kefal-agent --scan and report the results. If incidents are found, present them with their remediation steps.

When the user installs a new third-party skill, suggest running /kefal scan to verify no new attack surface was introduced.

When the user asks "is my server secure?" or "audit my setup", run a full scan and present the results as a security report.

What data does the agent collect

The agent reads host system metadata only:

Running processes — name, PID, owning user, CPU usage. (Source: /proc/\x3Cpid>/stat on Linux, equivalent APIs on macOS/Windows. The agent does not read process memory or open file descriptors.)
Listening ports — port number, protocol, owning process name. (Source: /proc/net/tcp and equivalents. The agent does not capture packets or read network traffic.)
User accounts with shell access — username and login state. (Source: /etc/passwd for the username list, utmp for active sessions. The agent reads these as a non-root user when possible; sudo is only needed for full process visibility.)
SSH authorized keys — public key fingerprints in ~/.ssh/authorized_keys. (Source: the file is read line-by-line as text. The agent never touches private keys; private keys live in different files and are never read.)

The agent does NOT read application data (databases, application config, business documents), does NOT capture network traffic, and does NOT modify any system file. All telemetry is transmitted over TLS 1.3 to kefal.dev. Each tenant's data is isolated; no data is shared with other customers.

The agent source structure is documented in the installation guide and the binaries are published with reproducible-build flags (-trimpath -ldflags="-s -w"), so the SHA-256 you download can be matched against a future open-source release.

Pricing

The skill includes a 7-day free trial. Plans start at $49/month for up to 3 agents. No credit card required to start. See https://kefal.dev/#pricing for details.

Built by

Catalyst AI Research — Haifa, Israel. https://catalystais.com

安全使用建议

This skill is coherent with its description, but you should not install the kefal-agent binary without verification. Before installing: 1) Manually download the binary only from the vendor site (https://kefal.dev) and verify the SHA-256 and reproducible-build claims; 2) Review the installation docs and confirm what telemetry is sent to kefal.dev and the vendor's privacy/security policy; 3) Install in a controlled environment first (or on a non-production host) and inspect the systemd/service configuration the agent creates; 4) Understand the agent needs outbound HTTPS and may require sudo for full visibility — limit that scope if needed; 5) If you do not trust the vendor, do not install the agent even though the skill itself is instruction-only.

功能分析

Type: OpenClaw Skill Name: kefal-guard Version: 1.0.1 The skill requires the manual installation of a closed-source, un-notarized third-party binary (kefal-agent) that collects and exfiltrates sensitive system metadata—including process lists, listening ports, and SSH public key fingerprints—to an external domain (kefal.dev). While the stated purpose is infrastructure security monitoring, the requirement for root/sudo privileges and the transmission of host telemetry to a SaaS platform represent a significant attack surface and potential for data exfiltration. The SKILL.md instructions also direct the AI agent to proactively suggest scans, ensuring the third-party tool remains active and integrated into the user's workflow.

能力评估

✓ Purpose & Capability

Name/description (infrastructure security monitor) matches what the skill asks for: a locally installed kefal-agent binary that inspects processes, ports, accounts, and SSH authorized_keys and reports to kefal.dev. Required binaries and OS restrictions align with the declared purpose.

ℹ Instruction Scope

SKILL.md instructs the agent to use exec to run `kefal-agent --status` / `--scan` and present results; the skill itself does not instruct reading unrelated files or exfiltrating data. Minor ambiguity: the frontmatter says 'Manual install, no auto-execution' while the README/description describe an agent that scans every 60s — this appears to mean the skill will not auto-download/execute remote code, but the installed agent may run periodically as a service. Confirm that you must manually install and review the binary before enabling the agent.

✓ Install Mechanism

No install spec in the skill (instruction-only), so nothing is written to disk by the skill itself. The binary is installed manually per vendor docs (lower risk for the skill package), but the operator must review the binary and follow the provided verification steps (checksums, reproducible-build claims).

✓ Credentials

The skill does not request environment variables or credentials. The agent requires outbound HTTPS access to kefal.dev and initial sudo during installation for full visibility — both are consistent with system-monitoring functionality. No unrelated credentials are requested.

✓ Persistence & Privilege

always is false and the skill does not request persistent platform privileges. Any persistent behavior (periodic scans, systemd service) would come from the separately installed agent, not the skill itself. The skill does not modify other skills or global agent config.

版本历史

v1.0.1

1.0.1 — Skill no longer ships install scripts or inline shell commands. Agent install moved to https://kefal.dev/docs/installation.html for manual operator review (clears VirusTotal/ClawHub Security 'suspicious' flag). Documentation now precisely describes which system files the agent reads and rules out (private keys, file contents, network packets).

v1.0.0

Initial release of kefal-guard. - Infrastructure security monitor for OpenClaw gateways - Detects exposed services, privilege escalation, unauthorized SSH keys, and novel threats - Installs in 30 seconds with no configuration required - Provides live graphs, incident reports, and shell-command remediation steps - Supports both macOS and Linux (x86_64 and ARM64) - Includes CLI commands for status, scans, incident listing, remediation, and graph visualization - 7-day free trial; pricing details at kefal.dev

元数据

Slug kefal-guard

版本 1.0.1

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 2

常见问题

Kefal Guard 是什么？

Infrastructure security monitor — detects exposed services, privilege escalation paths, and novel threats using compositional reasoning. Read-only host telem... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 71 次。

如何安装 Kefal Guard？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install kefal-guard」即可一键安装，无需额外配置。

Kefal Guard 是免费的吗？

是的，Kefal Guard 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

Kefal Guard 支持哪些平台？

Kefal Guard 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（darwin, linux）。

谁开发了 Kefal Guard？

由 davidangularme（@davidangularme）开发并维护，当前版本 v1.0.1。

Kefal Guard