Uptime Monitor
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is a straightforward uptime checker that contacts user-specified URLs, optionally sends alerts to a user-configured webhook or email, and keeps local uptime logs.
This skill appears safe for its stated purpose. Before using it, choose monitored URLs carefully, avoid secrets in URLs, use a limited-scope webhook or trusted email destination for alerts, and remember that uptime logs will persist locally until removed.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If misused, the skill could probe internal or sensitive URLs from the user's environment, even though it discards response bodies.
The health-check script accepts a URL argument and uses curl to contact it. This is central to uptime monitoring, but it means the agent can make outbound requests to any target it is asked to check.
URL="${1:?Usage: $0 <url>}" ... curl --silent --show-error --max-time 10 ... "$URL"Use it only with URLs you intend to monitor, and require explicit confirmation before checking private, internal, or unfamiliar endpoints.
Anyone or any agent run with this environment variable can send alert messages to the configured webhook destination.
A webhook URL is credential-like because it can authorize posting into a Discord, Slack, PagerDuty, or similar destination. The use is disclosed and purpose-aligned for alerts.
WEBHOOK_URL="${ALERT_WEBHOOK_URL:-}" ... curl --silent --max-time 10 ... -d "$payload" ... "$WEBHOOK_URL"Use a narrowly scoped webhook, avoid sharing it, and rotate it if it may have been exposed.
Private service names, internal URLs, or error details could be visible in the configured chat or incident-management system.
When webhook alerting is enabled, the script sends monitored URL, status, response time, and error details to the configured external webhook.
{"name": "URL", "value": "$url", "inline": true} ... {"name": "Error", "value": "$error_msg", "inline": false} ... -d "$payload" ... "$WEBHOOK_URL"Do not include secrets in monitored URLs, and send alerts only to trusted destinations with appropriate access controls.
Local logs may retain private endpoint names and uptime history until the user removes them.
The skill persistently logs monitored URLs and status information to local files for later reporting.
echo "$(date -u +%Y-%m-%dT%H:%M:%SZ)|$URL|OK|$status_code|${time_total}s" >> "$LOG_DIR/status.log"Review or clear the logs periodically, and avoid monitoring URLs that contain secrets or sensitive query parameters.