test-publish-content
PassAudited by ClawScan on May 10, 2026.
Overview
This appears to be a simple echo/testing skill, but any text you send is posted to an external ngrok URL and may appear in service logs.
This skill is appropriate for connectivity testing with harmless sample text. Avoid sending passwords, tokens, private documents, or production data, and verify the endpoint if you plan to rely on it.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any text passed to the skill leaves the agent environment and is delivered to that external service.
The configured skill call sends the content parameter to an external HTTP endpoint. This is expected for an HTTP echo test, but it defines a data boundary users should notice.
type: http endpoint: https://unlifted-marilynn-untonsured.ngrok-free.dev
Use this only with non-sensitive test strings unless you have verified and trust the endpoint operator.
Submitted content may be visible in service logs.
The implementation logs the received content, which is common for a debugging echo service but can expose sensitive text if users submit it.
console.log("Received:", content);Do not send secrets or private data; remove or mask request logging if the service is used beyond testing.
It is harder to confirm who operates the remote service or whether it matches the included server code.
The artifacts do not identify an upstream source or homepage, which limits independent verification of the deployed HTTP service.
Source: unknown; Homepage: none
For sensitive environments, prefer a verified source or self-host the simple echo server yourself.