Uptime Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to do what it claims—check URLs, send optional downtime alerts, and keep local uptime logs—with no hidden or destructive behavior found.
This skill is reasonable to use if you are comfortable with it checking the URLs you provide, sending downtime details to your configured webhook or email, and keeping local log files. Keep webhook URLs secret, monitor only intended services, and periodically review or clear logs if endpoint names are sensitive.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can make network requests to URLs it is asked to check, including internal or private URLs if supplied.
The script uses curl against a caller-supplied URL. This is central to uptime monitoring, but users should ensure it is only run against intended endpoints.
CURL_OUTPUT=$(curl --silent --show-error --max-time 10 ... "$URL" 2>&1)
Use this only for services you intend to monitor, and avoid passing untrusted or unexpected URLs to the check script.
If a webhook URL is configured, downtime details such as the monitored URL, status code, response time, and error are sent to that destination.
The skill can post alert messages to a configured webhook URL, which often functions like a secret granting posting permission to a Slack, Discord, or PagerDuty destination.
WEBHOOK_URL="${ALERT_WEBHOOK_URL:-}" ... curl ... -d "$payload" "$WEBHOOK_URL"Use a scoped alert webhook, keep the webhook URL secret, and rotate it if it is exposed.
Private service names or URLs may remain on disk in the skill's log files.
The skill stores monitored URLs and uptime results in local log files for later reporting.
echo "$(date -u +%Y-%m-%dT%H:%M:%SZ)|$URL|OK|$status_code|${time_total}s" >> "$LOG_DIR/status.log"Review or delete the logs if monitored endpoints are sensitive, and avoid monitoring URLs that contain secrets.
Users have less external context for the maintainer or update history.
The registry metadata does not provide a source repository or homepage, so provenance is limited even though the included scripts are small and reviewable.
Source: unknown Homepage: none
Review the included scripts before use and prefer pinned, known sources for production monitoring.