Skillv1.1.0

ClawScan security

Website Monitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignFeb 22, 2026, 6:34 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill implementation matches its description: a small, zero-dependency Python website uptime and change checker that only issues HTTP(S) requests and prints/returns results.
Guidance: This skill appears coherent and straightforward: it will make outbound HTTP(S) requests to whatever URLs you pass it and print or return JSON-formatted results. Before installing/using it, consider that (1) it will contact any URL you provide — don't feed it sensitive internal URLs from an untrusted environment, (2) it does not exfiltrate local files or use credentials, and (3) by default it treats any non-expected HTTP status as 'down' (use --expect for redirects or other expected codes). If you plan to run it regularly (cron), run it from an environment that restricts network access if you're concerned about contacting untrusted hosts.

Purpose & Capability: okName/description (website uptime, response times, content hashing) align with the code and CLI options. The included main.py performs exactly those checks and nothing unrelated.
Instruction Scope: okSKILL.md usage and options match the program behavior. Runtime instructions do not request reading local files, environment variables, or sending data to external endpoints beyond the URLs the user provides.
Install Mechanism: okNo install spec and the tool is zero-dependency Python using only the standard library; nothing is downloaded or installed by the skill.
Credentials: okNo environment variables, credentials, or config paths are requested or accessed. The program only uses network access to the URLs passed on the command line.
Persistence & Privilege: okThe skill does not request persistent presence, system configuration changes, or modifications to other skills. It runs as a simple CLI program when invoked.