Is This Link Safe? (Scam & Phishing Checker)
v0.4.8Is this link safe or a scam? Paste any URL from LINE, SMS, or email to instantly detect phishing, fraud, or fake websites. 🚨 Identify scam links before you...
⭐ 1· 112·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: a Python-based URL scanner that checks local blocklist shards and applies heuristics. Required binaries (python3, curl) are exactly what the SKILL.md and setup script use. No unrelated credentials, exotic binaries, or system paths are requested.
Instruction Scope
SKILL.md instructs the agent to run lib/check_url.py for each URL and to proactively check URLs in messages when appropriate — this is within the stated purpose (scanning URLs). The script does fetch blocklist shards from GitHub (only the shard filename is requested, which reveals the first letter of domains), and it writes cache and data files locally. The proactive scanning wording gives the agent discretion to scan incoming messages, so users should be aware it will examine message text for URLs.
Install Mechanism
There is no opaque or third-party installer; the code is instruction-only with a setup.sh that downloads JSON shard files from a GitHub raw URL (a well-known host). Downloads are explicit, cached locally, and optional (--download-all). No downloads from shorteners or personal IPs were observed.
Credentials
The skill requests no environment variables or credentials, which is proportionate. It does create a cache directory in the user's home (~/.cache/phishguard) and may write shard files into the skill's data directory if you run --download-all; this file-system access is reasonable for a blocklist-based tool but should be expected. The privacy claim that only shard filenames (first letter) are fetched is consistent with the code.
Persistence & Privilege
The skill does not request 'always: true', does not modify other skills, and requires no special privileges. Its persistence is limited to caching shard files and optionally storing downloaded shards under the skill data directory — standard for this type of tool.
Assessment
This skill appears to do what it says: it checks URLs against local/remote blocklist shards and heuristic rules and does not ask for secrets. Before installing, consider: (1) it fetches blocklist shard files from GitHub (only the shard filename is requested, which can reveal the first letter of domains you check); (2) it writes a cache to ~/.cache/phishguard and can save shard files into the skill's data directory if you choose to pre-download — expect local disk usage and network activity; (3) the agent may proactively scan messages for URLs if enabled, so only enable/use it where you are comfortable with automatic URL inspection; (4) there are some broad whitelist entries in the code (e.g., TLD-like entries) that could cause false negatives — treat results as advisory, not infallible. If you want extra assurance, review the referenced GitHub repo (https://github.com/phishguard-niki/Phishguard) and run setup.sh in a controlled environment before enabling autonomous use.Like a lobster shell, security has layers — review code before you run it.
latestvk97eag591w6fzgcph5dkg0y37d84vr9p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🛡️ Clawdis
Binspython3, curl