Provider Probe
Security checks across malware telemetry and agentic risk
Overview
Provider Probe appears to do what it says—test selected OpenAI-compatible endpoints—but it needs provider API keys and makes real API calls that may be logged or billed.
This skill looks safe to use for its stated purpose if you are comfortable with it reading a specified provider config or using a provided API key, then sending several small test requests to the chosen endpoint. Verify the base URL and use scoped or disposable keys for audits.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A real provider API key may be used, requests may consume quota, and a key could be exposed if paired with an untrusted or incorrect base URL.
The script sends the supplied or config-read API key as a bearer token to the selected provider base URL. This is necessary for the stated probing purpose, but it is still sensitive delegated account access.
'Authorization': f'Bearer {api_key}'
Use scoped or test API keys where possible, verify the base URL before running, avoid placing real keys in shared command history or logs, and rotate keys if they may have been exposed.
Running the probe can create provider-side logs, trigger rate limits, and incur small API costs for each selected provider.
The script performs repeated live API calls for stability testing. This is purpose-aligned, but it is real external tool/API use rather than a passive inspection.
for i in range(5):
    ok, http, latency, raw = http_call(base_url, api_key, chosen, model, 'Reply with exactly OK')
Run it only against providers you intend to audit, limit the provider list, and monitor usage or billing when probing paid endpoints.
