Ssl Certificate Monitor

Review

Audited by ClawScan on May 10, 2026.

Overview

This is mostly a normal SSL certificate checker, but its validation/compliance claims are overstated because the code disables real certificate trust checks.

Use this skill only on authorized domains and treat its output mainly as certificate-expiration information. Do not rely on it as proof that a certificate chain, hostname, or compliance posture is valid unless the validation logic is corrected.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A self-signed, untrusted, or hostname-mismatched certificate could be treated as valid, giving users a false sense of compliance or security.

Why it was flagged

This disables hostname and CA-chain verification while SKILL.md advertises 'Security validation' and 'check certificate chain, basic trust validation'. Results labeled 'valid' may therefore reflect expiration status rather than actual certificate trust.

Skill content

    context.check_hostname = False
    context.verify_mode = ssl.CERT_NONE

Recommendation

Treat the tool as an expiration checker unless validation is fixed. For validation mode, use verified TLS contexts with CERT_REQUIRED and hostname checking, and report trust-chain validation separately from expiration.

What this means

Running it on unapproved targets could create unwanted network traffic or touch internal systems.

Why it was flagged

The skill opens network connections to user-supplied hostnames and ports. This is core to SSL certificate monitoring, but it can target any reachable internal or external host.

Skill content

    with socket.create_connection((hostname, port), timeout=timeout) as sock:

Recommendation

Only check domains and ports you own or are authorized to monitor, and review batch input files before use.

What this means

Installing the dependency modifies the local Python environment and relies on the package source/version selected at install time.

Why it was flagged

The skill depends on the external cryptography package and documents an unpinned pip install. This is expected for certificate parsing, but the installed version and source are not locked by the artifacts.

Skill content

    pip3 install cryptography

Recommendation

Install dependencies in a virtual environment from a trusted package index, and pin versions if using this in production monitoring.