site analyzing tools
v1.0.2站点综合分析工具,析出域名/IP的机房位置、ISP、网络路径、robots策略等完整站点画像。当用户要分析某个域名或IP的机房部署、归属、网络质量时触发。支持:分析源机房位置、ISP/ASN归属、GeoDNS/CDN检测、traceroute路径分析、延迟探测、robots.txt策略。首次使用自动探测本机网络环...
⭐ 1· 356·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (DNS, traceroute, ping, whois, robots, IP ownership) match the included scripts and runtime behavior. External services (ip-api, ipinfo, ipify, public DoH endpoints) and local binaries (dig/traceroute/ping/whois when available) are used in ways expected for this purpose. The manifest lists no required env vars or credentials, which aligns with the implementation.
Instruction Scope
SKILL.md and the scripts limit actions to network discovery: probing host public IP and DNS, fetching robots.txt, running whois/traceroute/ping, and querying public IP lookup APIs. The agent is instructed to create/read ~/.site-analyzer-env.json (used as baseline) and to call only the listed scripts. There are no instructions to read unrelated local files, other agents' configs, or secrets.
Install Mechanism
No install spec; the skill ships as code files and runs in-place. No remote downloads, package installs, or extracted archives are performed by the skill itself.
Credentials
The skill requests no credentials and does not access environment variables. However it makes multiple outbound calls to third-party services (api.ipify.org, ip-api.com via HTTP, ipinfo.io via HTTPS, public DoH endpoints, and robots/target sites). Those calls will disclose the probe host's IP and timing to those services and are intrinsic to the tool's function.
Persistence & Privilege
The skill writes a small JSON file at ~/.site-analyzer-env.json to store probe results; always:false and no system-wide config changes. This persistent file is reasonable for baseline measurements but is a change to the user's home directory that the user should be aware of.
Assessment
This skill appears to be what it claims: a network/site analysis toolkit. Before installing or running it, note: (1) it will make many outbound requests to public services (ip-api, ipinfo, ipify, Google/Cloudflare DoH) and to the target site(s) — your machine's IP and basic metadata will be visible to those services; (2) it writes ~/.site-analyzer-env.json to your home directory on first run; (3) it will invoke local networking tools (dig, traceroute, ping, whois) if present and fall back to HTTPS APIs in some cases; (4) it sets the User-Agent to mimic Googlebot when fetching robots.txt. If you are comfortable with those network disclosures, running this skill is reasonable. If you need extra caution, run it in an isolated environment (container/VM) or review/modify the scripts (e.g., change endpoints, remove Googlebot UA, or disable automatic probing) before use.Like a lobster shell, security has layers — review code before you run it.
latestvk97dwwcn71ckxk17egr5nq2xsd82r355
License
MIT-0
Free to use, modify, and redistribute. No attribution required.