PizzINT Monitor
AdvisoryAudited by VirusTotal on Apr 8, 2026.
Overview
Type: OpenClaw Skill Name: pizzint-monitor Version: 1.1.0 The PizzINT Monitor skill is designed to scrape and report on the 'Pentagon Pizza Index' from pizzint.watch. The code in pizzint.py uses standard subprocess calls to curl and regex for data extraction, and the SKILL.md instructions focus on report generation and logical consistency checks without any signs of data exfiltration, malicious execution, or prompt injection attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A web page could contain misleading or prompt-like text that appears in the agent's context.
The skill asks the agent to use a browser tool against a public external site and capture page content. This is aligned with the stated monitoring purpose, but the retrieved DOM should be treated as untrusted data.
open https://pizzint.watch/ ... snapshot / screenshot 获取完整 DOM
Use an isolated browser session as the skill suggests and treat page content as data, not as instructions for the agent to follow.
Running the skill performs an outbound request to pizzint.watch from the user's environment.
The Python script invokes curl as a subprocess, but the command uses a fixed URL and no shell interpolation, making it purpose-aligned and relatively contained.
subprocess.run(['curl', '-s', '--max-time', '10', 'https://pizzint.watch/'], capture_output=True, text=True, timeout=15)
Run it only if you are comfortable with that network request; no credentials are required by the artifacts.
External text could bias the agent's reasoning or be mistaken for verified intelligence.
The skill includes live external OSINT and prediction-market text in the generated report. That retrieved content may be unreliable or adversarial even though it is relevant to the skill's purpose.
OSINT 动态摘要 ... Polymarket 预测市场(实时)
Cross-check important claims and do not let retrieved OSINT text override the user's original goal or safety constraints.
Users could overreact to speculative threat labels if they treat them as authoritative predictions.
The report uses high-impact military-risk language, but it also includes a clear disclaimer that the pizza index is only an OSINT reference and does not prove causation.
DOUGHCON ... 5 | 🚨 CRISIS - Military Operation Imminent ... ⚠️ 披萨指数是 OSINT 开源情报工具,相关性≠因果性,仅供参考。
Treat the output as a lightweight OSINT signal only, not as a basis for consequential security, political, financial, or operational decisions.
Users have less information for independently verifying the origin or maintenance of the skill.
The registry metadata does not provide an upstream source or homepage. The included files are simple, but provenance is limited.
Source: unknown; Homepage: none
Review the included files before running and prefer skills with clear source provenance when possible.