v1.0.0

Sitemap Generator

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 1:48 PM.

Analysis

The skill mostly matches its sitemap purpose, but its crawler disables HTTPS certificate checks, which can let tampered or spoofed pages influence the generated sitemap.

GuidanceReview or patch the script before use, especially for HTTPS sites. The main concern is the disabled certificate verification; otherwise, the documented crawling and local scanning behavior appears aligned with sitemap generation.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

scripts/sitemap_gen.py

ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE

The crawler creates an SSL context but then disables both hostname validation and certificate verification before fetching pages.

User impactA network attacker or misconfigured endpoint could serve spoofed or tampered HTML over HTTPS, causing the skill to crawl and output an inaccurate sitemap without warning.

RecommendationKeep TLS verification enabled by default; if insecure crawling is needed for testing, make it an explicit opt-in flag with a clear warning.