Web Monitor

PassAudited by ClawScan on May 1, 2026.

Overview

The skill appears to do what it says—monitor web pages for changes—but users should notice that it fetches user-supplied URLs, stores page snapshots locally, and uses an unpinned optional dependency.

This looks like a coherent web-monitoring skill. Before installing, be comfortable with the agent fetching the URLs you provide and saving their text/diffs locally; use trusted URLs, consider a workspace-specific storage directory, and pin dependencies if you need reproducible installs.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Low

#ASI02: Tool Misuse and Exploitation

What this means

The agent can make network requests to URLs it is asked to monitor and then display or store the returned content.

Why it was flagged

The tool fetches URLs supplied through the add/check workflow. This is central to the skill, but the artifacts do not show scheme or host scoping.

Skill content

content = fetch_content(args.url, args.selector) ... req = Request(url, headers=req_headers) ... with urlopen(req, timeout=30) as resp:

Recommendation

Only add URLs you intend to fetch. For shared or automated deployments, consider restricting use to trusted http/https domains.

Low

#ASI06: Memory and Context Poisoning

What this means

Monitored page content, including any sensitive or untrusted text from those pages, can remain on disk and reappear in later diff or snapshot output.

Why it was flagged

The skill intentionally persists watched URLs, page snapshots, and diffs, which may later be shown back to the agent or user.

Skill content

Stored in `~/.web-monitor/` ... `watches.json` — watch list config ... `snapshots/` — stored page content + diffs

Recommendation

Use the workspace-specific WEB_MONITOR_DIR when appropriate, avoid monitoring private pages unless local retention is acceptable, and remove watches or clear stored snapshots when no longer needed.

Info

#ASI04: Agentic Supply Chain Vulnerabilities

What this means

A future dependency version could differ from the version the author tested.

Why it was flagged

The documented execution path can resolve the beautifulsoup4 package without a pinned version. This is purpose-aligned for CSS selector support but leaves dependency version selection to the package manager.

Skill content

uv run --with beautifulsoup4 python scripts/monitor.py add "https://example.com"

Recommendation

If reproducibility matters, install the dependency in a managed environment or pin a known-good beautifulsoup4 version.