Skill v1.0.0

ClawScan security

Show My IP · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 20, 2026, 7:34 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is coherent with its description: a tiny shell script that queries a public IP service (ifconfig.me) and prints the result; it requests no credentials or installs and does not perform unexpected actions.
Guidance
This skill is small and appears to do exactly what it claims: run a shell script that calls ifconfig.me to obtain the machine's public IP. Before installing, consider whether you trust the third-party endpoint (ifconfig.me) because that service will see your server's IP when queried. If you prefer not to contact an external service, you can use local methods to infer outbound IPs (for example, querying a known host with a traceroute/ip route command or using a trusted STUN endpoint). As always, review the script (scripts/get-ip.sh) yourself — it's short and readable — and only enable the skill if you are comfortable with its network call.

Review Dimensions

Purpose & Capability
ok: Name/description match the implementation. The only required capability is outbound HTTP (curl) to query a public IP service, which is appropriate for 'show my IP'.
Instruction Scope
note: SKILL.md directs running scripts/get-ip.sh, which only performs two curl requests to https://ifconfig.me and prints results. This stays within the stated purpose, but it does contact a third-party service (ifconfig.me); that external network call is expected but does disclose the host's public IP to that service.
Install Mechanism
ok: No install spec; the skill is instruction+script only. Nothing is downloaded or written during install.
Credentials
ok: No environment variables, credentials, or config paths are requested. The request surface is minimal and proportionate to the task.
Persistence & Privilege
ok: 'always' is false and the skill does not modify configs or request persistent presence. It runs only when invoked and does not require elevated privileges.