Uptime Checker

Pass

Audited by ClawScan on May 1, 2026.

Overview

The skill appears to be a straightforward uptime checker, with user-directed network checks and optional local history storage that are disclosed and aligned with its purpose.

This skill looks benign for checking website or API availability. Before installing, be careful with Authorization headers, avoid POST unless the endpoint is safe, and protect any saved history files that include private service URLs.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If you include an API token or Authorization header, it will be sent in the HTTP request to the URL being checked.

Why it was flagged

The skill supports user-provided authentication headers for API checks. This is purpose-aligned, but it means credentials may be sent to the checked endpoint.

Skill content

python3 scripts/uptime_check.py https://api.example.com --header "Authorization:Bearer token123"

Recommendation

Use custom authentication headers only with trusted endpoints, avoid putting real secrets in shared command logs, and prefer least-privilege monitoring tokens.

What this means

Using POST against an endpoint could trigger an action on that service rather than only checking availability.

Why it was flagged

The tool allows methods beyond safe read-only checks, including POST. This is disclosed and user-directed, but POST requests can have side effects on some APIs.

Skill content

parser.add_argument("--method", default="GET", choices=["GET", "HEAD", "POST", "OPTIONS"], help="HTTP method (default: GET)")

Recommendation

Use GET or HEAD for routine monitoring unless you know the endpoint is safe to call with POST.

What this means

Saved history files may reveal which internal or private services you monitor and their uptime status.

Why it was flagged

The skill can persist URL check history locally when requested. This is disclosed and bounded, but the history may contain private/internal URLs and availability data.

Skill content

if args.save:
    history = load_history(args.history_file)
    history.extend(results)
    # Keep last 10000 entries

Recommendation

Store history files in an appropriate location, avoid sharing them if they contain internal URLs, and delete old history when no longer needed.

What this means

You have less external provenance information to verify who maintains the skill or where updates originate.

Why it was flagged

The registry metadata does not provide an upstream source or homepage. The included script is visible and has no install dependencies, so this is a provenance note rather than a behavioral concern.

Skill content

Source: unknown; Homepage: none

Recommendation

Review the included code before installing and prefer updates from a trusted registry owner or repository when available.