Web Site or Domain Name Basic Information Scanner
v1.0.0Comprehensive website analysis and scanning tool. Analyzes IP (IPv4/IPv6), DNS records, WHOIS data, website content (including Schema.org JSON-LD, robots.txt...
⭐ 0· 44·0 current·0 all-time
byHugo Gu@hugogu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The name/description match the included SKILL.md and scripts/scan.py. The code uses DNS (dig), WHOIS, HTTP requests, and content parsing—all expected for a website scanner. The requirements.txt and SKILL.md dependencies (requests, bs4, lxml) are proportional to the stated features.
Instruction Scope
SKILL.md instructs the agent to run dig and whois and to fetch robots.txt, sitemap.xml, llms.txt, etc., which the code implements. The skill performs external network calls (HTTP requests to target sites and third-party services) and may deep-scan client-side pages via Playwright (optional). These behaviors are within the scanner's stated scope but give the tool broad ability to fetch many pages and execute remote JS—so users should be careful when scanning private/internal hosts or in sensitive environments.
Install Mechanism
There is no automated install spec; the skill is instruction-only with an included requirements.txt. This is low risk because nothing is being downloaded/executed automatically by an installer; the user must pip-install and run the script manually.
Credentials
The skill requests no environment variables or credentials. It does call external APIs (e.g., ipapi.co for IP geolocation) and may scrape third-party services (Google index approximation), which is consistent with its purpose. No hidden credential access or unrelated env variables are requested.
Persistence & Privilege
always:false and the skill doesn't request persistent system-wide privileges. It does use subprocess to call dig/whois (expected) and runs HTTP requests; nothing suggests modification of other skills or global agent settings.
Assessment
This skill appears to do what it says: DNS/WHOIS lookups, content parsing, and optional deep crawling. Before installing/running: (1) review the full scripts/scan.py (the distributed file is large and was truncated in the manifest) to ensure there are no unexpected remote endpoints or telemetry; (2) be aware the scanner will make outbound HTTP requests (including to ipapi.co for geolocation) and may scrape search engines—do not point it at internal, sensitive, or private network addresses unless you trust the environment; (3) deep scans via Playwright can execute site JavaScript and generate a lot of traffic—use rate limits and max-pages flags; (4) run in an isolated/test environment if you have any doubt about data leakage; (5) confirm any legal/terms-of-service constraints before scraping third-party services (Google) or scanning sites you do not own.Like a lobster shell, security has layers — review code before you run it.
latestvk9780re7stem1jbz71k2ngfym9842fc0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.