ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Healthprobe

v1.0.0

Probe any URL and check if it's up. Returns the HTTP status code, response latency in milliseconds, and a healthy/not-healthy verdict. Configurable timeout....

0· 59·0 current·0 all-time
by@mirni
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared binaries (python), declared dependencies (fastapi, uvicorn, pydantic, httpx), and code implementing /v1/probe all align with a URL health-checking service.
Instruction Scope
SKILL.md instructs running a local FastAPI server and POSTing arbitrary URLs to /v1/probe — this is consistent with purpose. However, the ability to request any URL means the skill can be used to reach internal services (SSRF/internal network scanning) or cloud metadata endpoints if not sandboxed; the README does not include any allowlist/denylist or additional safeguards.
Install Mechanism
Install spec uses PyPI packages (fastapi, uvicorn, pydantic, httpx), which is expected. Risk: packages are not version-pinned in the manifest, creating a supply-chain risk if you want to lock reproducible installs.
Credentials
The skill requires no environment variables, no credentials, and no config paths — this is proportionate to a network probe service.
Persistence & Privilege
The skill is not forced-always, does not request elevated persistence, and does not modify other skills or system-wide configs. It runs a local server when started, which is expected for this design.
Assessment
This skill appears to do exactly what it says: run a local HTTP service that probes arbitrary URLs. Before installing, consider: (1) SSRF risk — the skill will perform outbound requests to any URL you pass it, including internal IPs or cloud metadata endpoints; run it in an isolated environment or restrict egress if you don't want internal scanning. (2) Supply-chain caution — pip packages are not version-pinned; consider pinning or auditing dependencies before installation. (3) Operational limits — the server listens on a port (example uses 8009); ensure it is firewall-protected if you run it on a shared host. If you plan to allow autonomous agent use of this skill, restrict or validate target URLs to avoid unintended network probing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97e7j2bb0ynbhxa7mmfhw87ds84s64p

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💓 Clawdis
Binspython

Install

uv

Comments