Uptime Monitor Agent
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill appears to perform its stated uptime-checking purpose, with expected network checks, optional alert delivery, and local logging that users should be aware of.
This skill is reasonable for checking website availability. Before using it, confirm the URLs are intended to be contacted from your machine, protect any webhook URL you configure, and remember that local logs may retain monitored endpoint names and outage details.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If given an internal, private, or unintended URL, the skill will attempt to contact it from the user's environment.
The script performs a curl request to the user-supplied URL. This is central to uptime monitoring, but users should understand it can make outbound requests to any supplied target.
CURL_OUTPUT=$(curl --silent --show-error --max-time 10 ... "$URL" 2>&1)
Only provide URLs you intend to monitor, and avoid passing untrusted or sensitive internal endpoints unless that is your goal.
The skill can send monitored URL, status, response time, and error details to the configured alert destination.
A configured webhook URL can authorize posting alerts to a third-party service such as Discord, Slack, or PagerDuty. This is expected for alerting but should be treated like a secret.
WEBHOOK_URL="${ALERT_WEBHOOK_URL:-}" ... curl --silent --max-time 10 -H "Content-Type: application/json" -d "$payload" "$WEBHOOK_URL"Use a dedicated, limited-scope webhook if possible, and avoid monitoring URLs whose names or errors should not be shared with that alert channel.
Local logs may contain a history of monitored endpoints and failures.
The skill persists monitored URLs and status results to a local log that report.sh later summarizes. This is purpose-aligned, but the log may reveal internal service names or availability history.
echo "$(date -u +%Y-%m-%dT%H:%M:%SZ)|$URL|OK|$status_code|${time_total}s" >> "$LOG_DIR/status.log"Review or delete the skill's logs if monitored URLs or outage history are sensitive.