ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Port Check

v1.0.0

Check if services are responding on given host:port pairs. Supports TCP and HTTP checks with configurable timeout. Use for service monitoring, health checks,...

0· 706·0 current·0 all-time
by@rogue-agent1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description match the actual behavior. The script implements TCP checks with nc and optional HTTP checks with curl, which explains the declared required binaries. No unexpected capabilities are requested.
Instruction Scope
SKILL.md tells the agent to run scripts/port-check.sh and the script only opens local network connections to the host:port targets provided. It does not read unrelated files, access environment secrets, or send results to external endpoints. Note: the tool performs network probing, which is expected but may be sensitive in certain environments.
Install Mechanism
There is no install spec or remote download. The skill is instruction-and-script only; no code is fetched at install time and nothing is written to system paths by an installer.
Credentials
The skill requires no environment variables or credentials. The use of nc and curl is proportional and justified by the stated functionality.
Persistence & Privilege
always is false and the skill does not request persistent installation or modify other skills or system-wide configuration. Autonomous invocation is allowed by default but this skill does not request elevated privileges.
Assessment
This skill appears to do exactly what it says: run TCP and optional HTTP checks against host:port pairs using nc and curl. Before installing, review the provided script (already included) and confirm you are comfortable allowing network probes from the agent. Network scanning can be sensitive in corporate or external contexts—if you want to avoid accidental scanning, keep the skill user-invocable only (do not allow wide autonomous invocation) or run it in an environment with restricted network access.

Like a lobster shell, security has layers — review code before you run it.

latestvk976hbc9d9a4xxfy1wsf1mkd01816p26

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔌 Clawdis
Binsnc, curl

Comments