Evidence URL Verifier
v1.0.0Verify evidence URLs are real and accessible. Check that artifact links resolve to actual content, not placeholders.
⭐ 0· 395·0 current·0 all-time
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name and description match the runtime instructions: the SKILL.md shows URL HEAD/GET checks, content-type and placeholder detection, and Test-Path checks for local artifacts. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
Instructions are narrowly focused on HTTP checks and local file existence. They do include examples that fetch content from supplied URLs and check local artifact paths; this is within scope but means the agent will attempt network requests and local filesystem reads for whatever URLs or paths it is given. The skill advises redaction and rate-limiting, which is appropriate.
Install Mechanism
No install spec and no code files — instruction-only — so nothing will be written to disk or downloaded by the skill itself.
Credentials
The skill requests no credentials, environment variables, or config paths. Its operations (HTTP requests, local path checks) do not require additional secrets as written.
Persistence & Privilege
always is false and autonomous invocation remains the platform default; the skill does not request permanent presence or changes to other skills or system-wide settings.
Assessment
This skill is coherent and limited in scope, but be aware of practical risks: it runs network requests and may read local paths you provide — do not supply sensitive or private URLs unless you intend the agent to fetch them. The instructions are PowerShell-specific, so ensure the execution environment supports PowerShell before relying on it. Consider restricting which paths the skill may check, avoid sending credentials to verify protected resources, and confirm rate-limiting to prevent accidental scanning of many URLs. If you need the agent to check URLs behind authentication, prefer explicit, scoped credentials rather than pasting secrets into URLs or content fields.Like a lobster shell, security has layers — review code before you run it.
latest
Evidence URL Verifier
Verify evidence URLs are real and accessible.
Problem
Evidence links often:
- Point to non-existent resources
- Are placeholders (example.com)
- Expire or get deleted
- Don't match claimed content
Workflow
1. URL Validation
function Test-EvidenceUrl {
param([string]$url)
try {
$response = Invoke-WebRequest -Uri $url -Method Head -TimeoutSec 10
return @{
Valid = $true
Status = $response.StatusCode
ContentType = $response.ContentType
}
} catch {
return @{
Valid = $false
Error = $_.Exception.Message
}
}
}
# Usage
$result = Test-EvidenceUrl "https://example.com/artifact"
if ($result.Valid) {
Write-Host "URL valid: $($result.Status)"
} else {
Write-Error "URL invalid: $($result.Error)"
}
2. Content Verification
# Check URL matches claimed content type
$response = Invoke-WebRequest -Uri $url
if ($response.ContentType -notlike "text/*" -and $expectedType -eq "text") {
Write-Warning "Content type mismatch"
}
# Check for placeholder text
$content = $response.Content
if ($content -match "lorem ipsum|placeholder|example") {
Write-Warning "Content appears to be placeholder"
}
3. Artifact Existence
# For local paths
if (Test-Path $artifactPath) {
$size = (Get-Item $artifactPath).Length
if ($size -eq 0) {
Write-Warning "Artifact file is empty"
}
} else {
Write-Error "Artifact not found: $artifactPath"
}
Executable Completion Criteria
| Criteria | Verification |
|---|---|
| URL resolves | HTTP 200 response |
| Content matches | Type matches expected |
| No placeholders | Content is substantive |
| Local paths exist | Test-Path returns true |
Privacy/Safety
- Don't log full URL contents
- Redact sensitive data in responses
- Respect rate limits (max 1 req/sec)
Self-Use Trigger
Use when:
- Task claims evidence artifact
- URL provided as proof
- Before marking task complete
- Audit of past completions
Verify evidence. Trust but confirm.
Comments
Loading comments...