Back to skill
Skillv1.0.0
ClawScan security
Uptime Checker · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 14, 2026, 1:07 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code and instructions match its stated purpose (URL uptime checks) and it doesn't request extra credentials, unusual binaries, or remote installs.
- Guidance
- This skill appears coherent and implements a simple uptime checker in pure Python. Before installing/using: (1) review and run the included script locally to confirm behavior; (2) be careful when supplying Authorization or other sensitive headers via --header (those are sent to the checked URLs); (3) note the default history file (uptime_history.json) is written to the current directory—restrict filesystem permissions if that matters; (4) avoid --no-verify-ssl unless you trust the endpoint (it disables SSL checks). If you need the agent to run this skill autonomously, consider where it will run and what URLs/headers it will be given.
Review Dimensions
- Purpose & Capability
- okName/description align with included Python script: it performs HTTP(S) checks, measures response time, follows redirects, validates SSL, and tracks history. No unrelated credentials, binaries, or services are requested.
- Instruction Scope
- okSKILL.md instructs running the bundled script with CLI flags; the script only reads URLs from arguments or a provided file and reads/writes a local history file. It does not attempt to scan other parts of the filesystem, exfiltrate data to third parties, or access unspecified environment variables.
- Install Mechanism
- okNo install spec is provided and the skill is instruction-only aside from the included Python script. The script uses only the Python standard library (urllib, ssl, json, pathlib), so no external packages or downloads are required.
- Credentials
- noteThe skill requests no environment variables or credentials, which is appropriate. Caution: the CLI supports custom headers (e.g., Authorization) and these will be sent to target endpoints if supplied; the tool also writes a local history file (default uptime_history.json) which could contain result metadata. Ensure you don't pass secrets via --header unless intended and protect the history file if it will contain sensitive target metadata.
- Persistence & Privilege
- okThe skill is not always-enabled and does not modify other skills or global agent settings. It does persist check results to a local history file when --save is used, which is expected behavior for a monitor tool.