Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Evidence URL Verifier

v1.0.0

Verify evidence URLs are real and accessible. Check that artifact links resolve to actual content, not placeholders.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name and description match the runtime instructions: the SKILL.md shows URL HEAD/GET checks, content-type and placeholder detection, and Test-Path checks for local artifacts. There are no unrelated environment variables, binaries, or installs requested.
Instruction Scope
Instructions are narrowly focused on HTTP checks and local file existence. They do include examples that fetch content from supplied URLs and check local artifact paths; this is within scope but means the agent will attempt network requests and local filesystem reads for whatever URLs or paths it is given. The skill advises redaction and rate-limiting, which is appropriate.
Install Mechanism
No install spec and no code files — instruction-only — so nothing will be written to disk or downloaded by the skill itself.
Credentials
The skill requests no credentials, environment variables, or config paths. Its operations (HTTP requests, local path checks) do not require additional secrets as written.
Persistence & Privilege
always is false and autonomous invocation remains the platform default; the skill does not request permanent presence or changes to other skills or system-wide settings.
Assessment
This skill is coherent and limited in scope, but be aware of practical risks: it runs network requests and may read local paths you provide — do not supply sensitive or private URLs unless you intend the agent to fetch them. The instructions are PowerShell-specific, so ensure the execution environment supports PowerShell before relying on it. Consider restricting which paths the skill may check, avoid sending credentials to verify protected resources, and confirm rate-limiting to prevent accidental scanning of many URLs. If you need the agent to check URLs behind authentication, prefer explicit, scoped credentials rather than pasting secrets into URLs or content fields.

Like a lobster shell, security has layers — review code before you run it.
