ip-lookup
Pass
Audited by ClawScan on May 1, 2026.
Overview
This IP lookup skill appears purpose-aligned, but users should know it sends queried IPs to public lookup services and can optionally use an AbuseIPDB API key.
This skill is reasonable for public IP and hostname investigation. Before installing, be aware that queries go to third-party services such as ip-api.com, ipwho.is, RDAP providers, Google DNS, and optionally AbuseIPDB; avoid looking up sensitive internal addresses if that disclosure would be a problem.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An IP address you look up is shared with external lookup providers; the ip-api.com request is not encrypted.
The script sends the queried IP address to an external geolocation provider, and this primary geolocation request uses HTTP rather than HTTPS. This is purpose-aligned for IP lookup, but users should know the queried target and response can be visible or altered on that leg.
data = fetch(f"http://ip-api.com/json/{ip}", params={"fields": fields})
Use this skill for IPs or hostnames you are comfortable disclosing to public lookup services. Avoid using it for sensitive internal addresses unless that disclosure is acceptable.
If you enable the AbuseIPDB check, your AbuseIPDB API key is sent to AbuseIPDB for the reputation query.
The optional AbuseIPDB check uses an API key supplied by the user. This is expected for the documented AbuseIPDB feature and the artifacts do not show logging or unrelated use of the key.
headers={"Key": api_key, "Accept": "application/json"}
Only set ABUSEIPDB_KEY when you want to use the AbuseIPDB feature, and use a key scoped to that service.
The artifact provenance is not very descriptive, so it is harder to independently verify the exact source revision.
The local metadata is sparse and does not include a commit, while the registry metadata lists version 1.0.1 and an owner ID. This is a provenance/metadata consistency note, not evidence of malicious behavior.
"owner": "miketyzhang", "latest": { "version": "1.0.0", "commit": "" }
Prefer installing from a publisher or repository you trust, and check that the registry metadata matches the artifact metadata before relying on it.
