Traceroute Tool
AdvisoryAudited by Static analysis on May 5, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill can send diagnostic network traffic to external hosts and may reveal that the user's machine or network contacted those destinations.
The skill runs the local traceroute command against a user-supplied host, which is expected for network path diagnostics but still performs outbound network probing.
subprocess.run(['traceroute', host])
Use it only for hosts you are authorized to diagnose, and review the destination before allowing the agent to run it.
The skill may fail or behave differently depending on which traceroute implementation is installed locally.
The metadata does not declare any required binary, while the script relies on the system traceroute command. This is an installation/provenance clarity issue, not evidence of malicious behavior.
Required binaries (all must exist): none; Required binaries (at least one): none
Confirm that a trusted traceroute binary is installed on the system before using the skill.