Skillv1.0.1

ClawScan security

ip-lookup · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignMar 10, 2026, 7:11 AM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: This skill does what it says — a stdlib-only Python IP/hostname lookup that queries public IP intelligence APIs; its requirements and instructions are consistent with the described purpose.
Guidance: This skill appears internally consistent and uses only standard Python libraries. Before installing/running, consider: (1) network lookups send the queried IP/hostname to public third-party services — avoid using it on sensitive internal/private addresses if you don't want that data shared, and expect rate limits; (2) if you enable the AbuseIPDB option you must set ABUSEIPDB_KEY — treat that key as sensitive; (3) you can inspect the bundled scripts (they are included) — they appear to only perform the described lookups. If you need an offline or privacy-preserving workflow, do not enable the script or run it in a restricted environment.

Purpose & Capability: okThe name/description match the code and SKILL.md: geolocation (ip-api/ipwho.is), PTR (dns.google), RDAP (ARIN/RIPE) and optional AbuseIPDB checks. The declared runtime requirement (python3) aligns with the provided Python script; no unrelated credentials or binaries are requested.
Instruction Scope: noteSKILL.md and the script limit actions to network lookups for the target (DNS resolution, HTTP RDAP/geo/abuse queries). Note: every lookup sends the target IP/hostname to third-party services (ip-api.com, ipwho.is, dns.google, rdap.arin.net/ripe, and optionally api.abuseipdb.com), which is expected for this purpose but may reveal investigation targets to those providers.
Install Mechanism: okNo install spec; the skill is instruction-only and ships a standalone Python script that uses only the standard library. Nothing is downloaded or written to disk at install time beyond the included files.
Credentials: noteNo required environment variables. The only sensible optional credential is ABUSEIPDB_KEY for the optional AbuseIPDB panel, which the SKILL.md documents. This is proportionate to the stated optional feature; no unrelated secrets or config paths are requested.
Persistence & Privilege: okalways is false and the skill does not request persistent or system-wide privileges. It does not modify other skills or system configuration.