GEO Site Readiness Audit

Pass. Audited by ClawScan on May 10, 2026.

Overview

This appears to be a straightforward website-audit tool, with expected network requests and local report writing, but users should run it only on authorized sites and treat optional scheduling or notification examples carefully.

Before installing, confirm you are comfortable running Python code that contacts the websites you specify and writes local reports. Use it only on sites you are authorized to audit, install dependencies from a trusted environment, and do not enable scheduled jobs or webhook/email notifications unless you intentionally want those behaviors.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Audited sites will receive traffic from the user's machine or agent environment; internal or private hosts could also be contacted if the user supplies them.

Why it was flagged

The auditor performs outbound HTTP requests to a user-supplied website. This is expected for the stated website-audit purpose, but it means the user's environment will contact the target site.

Skill content

resp = requests.get(url, headers=self.headers, timeout=self.timeout, allow_redirects=True)

Recommendation

Run audits only against sites you own or have permission to test, and use timeout or delay settings for responsible scanning.

What this means

The skill may fail until dependencies are installed, and users may manually install an unpinned package.

Why it was flagged

The script depends on the third-party requests package, while the provided registry requirements list no install spec or required binaries. This is not malicious, but it is under-declared setup.

Skill content

import requests ... Install with: pip install requests

Recommendation

Install dependencies from a trusted Python environment; the maintainer should declare Python and requests requirements explicitly.

What this means

If users follow those examples, they may need to locate or run extra code outside this reviewed skill.

Why it was flagged

The integration documentation references helper scripts that are not included in the provided file manifest, so those workflows are not reviewable in this artifact set.

Skill content

python scripts/check_threshold.py audit.json --min-score 20 ... python scripts/compare_audits.py reports/*.json --output comparison.html

Recommendation

Use only the provided scripts unless you independently review any additional helper scripts.

What this means

Webhook URLs or notification configs could expose reports or secrets if committed or shared.

Why it was flagged

The references describe optional webhook or notification integrations. No such credentials are required by default, but webhook URLs are sensitive and report delivery would send data to external services if enabled.

Skill content

"slack": { "url": "https://hooks.slack.com/services/..." ... } ... python scripts/geo_audit.py example.com --notify slack

Recommendation

Treat webhook and email configuration as secret, verify destinations, and enable notifications only when needed.

What this means

If configured, the audit could keep running on a schedule and continue generating traffic and reports after the initial setup.

Why it was flagged

The documentation includes optional cron and systemd timer examples for recurring audits. This is user-directed persistence, not hidden automatic behavior.

Skill content

Scheduled Audits ... # Daily audit at 6 AM ... OnCalendar=daily ... Persistent=true

Recommendation

Only create scheduled jobs intentionally, document where they are installed, and remove the cron entry or systemd timer when no longer needed.