ClawHub

PreClick : URL Security Scanner

v1.2.2

Companion skill for @cybrlab/preclick-openclaw. Requires PreClick plugin tools to assess URLs for threats and intent alignment before navigation.

0· 118·0 current·0 all-time
by@cplusdev
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The skill is a thin, instruction-only companion that delegates URL scanning to a PreClick plugin and requires the plugin's config entry (plugins.entries.preclick-openclaw.enabled). That dependency is consistent with the stated purpose. However, the provided metadata lists no source or homepage for the plugin/skill bundle, making it impossible to audit the upstream code from this package alone — this reduces transparency and is worth noting.
Instruction Scope
SKILL.md only instructs the agent to call the plugin's URL scanning tools and to act on the returned agent_access_directive. It does not instruct reading unrelated files, environment variables, or system paths. It explicitly warns not to verify localhost/file:// addresses and instructs how to interpret results, which is appropriate for the stated goal.
Install Mechanism
The skill has no install spec and no code files (lowest on-disk risk). However, the SKILL.md tells users to install @cybrlab/preclick-openclaw via openclaw plugins install — that plugin will introduce code and network behavior. Because the plugin's source/homepage is not provided here, you cannot audit what the plugin will install or call; review the plugin before installing.
Credentials
This skill itself requests no credentials or env vars. That is proportionate for an instruction-only wrapper. Be aware the referenced plugin may require credentials, keys, or network access; those requirements are not visible in this skill and should be evaluated separately.
Persistence & Privilege
The skill is not marked always:true and is user-invocable; it does not request persistent system-wide privileges. Its one declared requirement is that the plugin be enabled in the gateway config, which is reasonable for a companion skill.
Assessment
This skill is consistent with being a helper that delegates URL checks to a PreClick plugin, but it contains no code itself — the plugin you install will perform the actual network calls and analysis. Before installing or using it: 1) Verify the provenance of @cybrlab/preclick-openclaw (source repo, release host, and maintainers); do not install plugins from unknown/untrusted sources. 2) Review what the plugin will send to external endpoints — avoid sending URLs that include session tokens, auth query parameters, or other sensitive data. 3) Check the plugin's required environment variables and permissions and ensure they are proportionate. 4) Test the plugin on non-sensitive, known-safe URLs first to observe behavior. 5) If you need higher assurance, request the plugin's code or a signed release and inspect its network endpoints and dependencies. If you cannot audit the plugin or trust its source, treat it as potentially privacy-impacting even though the companion skill itself is coherent.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e6q2zmmwnzt64yjv42wr7a5841d9c

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Configplugins.entries.preclick-openclaw.enabled

Comments