Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Siteaudit v1.0.0
Comprehensive website audit combining uptime check, TLS certificate inspection, and security headers grading in one command. Use when asked to audit a websit...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Name and description match the code and SKILL.md: the scripts perform uptime checks, TLS inspection, and security-header grading. There are no unrelated binaries, env vars, or install steps requested.
Instruction Scope
Runtime instructions tell the agent to run the included Python script against any URL(s) the user supplies. The code performs network requests and TLS handshakes only against those targets (no external command execution or hidden endpoints), but there is no restriction on target addresses — an agent could be asked (or could autonomously) to scan internal hosts (e.g., 127.0.0.1, 169.254.169.254, or private subnets), which may expose sensitive infrastructure or metadata.
Install Mechanism
No install spec and the code uses only Python standard library modules. This is low-risk from an install perspective (nothing is downloaded or written by an installer).
Credentials
The skill requests no environment variables, credentials, or config paths — this is proportionate to a public website auditing tool.
Persistence & Privilege
The manifest sets always:false and requests no special system privileges. However, autonomous model invocation is allowed by default; combined with the ability to contact arbitrary hosts, that increases misuse risk (automatic scanning of internal endpoints) even though it is not a configuration error in the skill itself.
What to consider before installing
This skill appears to do what it says and only uses Python standard libs, but consider the following before enabling:
1) Restrict who or what can invoke it: do not allow autonomous agents to run it without oversight, since it can probe arbitrary addresses (including internal IPs and cloud metadata endpoints).
2) Review or run the script locally in a sandbox if you plan to audit sensitive networks.
3) If you will use it in automated workflows, add input validation or allowlist targets to prevent accidental scanning of private infrastructure.
4) The code is duplicated in two files (scripts/siteaudit.py and siteaudit.py), which is benign but unusual; verify you are running the intended copy.
Like a lobster shell, security has layers: review code before you run it.