ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Site Change Alert

v2.0.1

Use when monitoring websites for content changes, comparing page snapshots with diff, scheduling periodic checks, or sending alerts via email and webhook not...

0· 86·0 current·0 all-time
by@bytesagain3
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The name/description (monitoring pages, diffing snapshots, scheduling checks, sending alerts) align with the included shell scripts: they fetch pages with curl, compute diffs, store snapshots and logs, and support webhook/email notification configuration. The presence of two related scripts and docs implements the advertised features.
Instruction Scope
Runtime instructions operate on web pages and local data files only. The SKILL.md commands map to concrete script actions (watch, check, diff, schedule, notify). The scripts only read/write files under the user's home data dirs and source a local config file; they do not attempt to read unrelated system credentials or hidden config paths.
Install Mechanism
There is no install spec (instruction-only), and the included scripts are plain shell with no external downloads or package installs. No high-risk install actions are present.
Credentials
The skill requests no environment variables or external credentials. However, there are inconsistencies in variable and path names across files: one script uses SITE_ALERT_DIR and ~/.site-change-alert, another uses SITE_CHANGE_ALERT_DIR and ~/.local/share/site-change-alert. Notification endpoints (WEBHOOK_URL / EMAIL_TO) live in a local config file and are optional, which is reasonable for the stated purpose but worth noting.
Persistence & Privilege
The scripts create persistent data under the user's home (snapshots, watchlist, logs, config). This is expected for a monitoring tool but is a persistent footprint the user should be aware of. The skill does not request elevated system privileges nor set always:true.
Assessment
This skill appears to do what it says: it fetches pages with curl, keeps snapshots and logs under your home directory, and can POST to a webhook or send email if you configure those endpoints in the local config. Before installing, review and optionally edit the configuration file (~/.site-change-alert/config.sh or ~/.local/share/site-change-alert/*) to ensure WEBHOOK_URL / EMAIL_TO values are correct and point to endpoints you control. Note the repository includes two slightly different scripts and data directories (SITE_ALERT_DIR vs SITE_CHANGE_ALERT_DIR); pick one to avoid duplicate storage. Because the scripts write files to your home, you may want to run them in a contained account or inspect the files they create. If you plan to use webhook/email notifications, do not store sensitive credentials there unless you trust the endpoint and understand how notifications are sent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97aptqkwhjmzs7tbmh7ayf99183n3q0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments