Web Monitor
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running checks will contact the saved URLs and may retrieve content from any URL that was added to the watch list.
The tool fetches user-configured URLs over the network, which is central to web monitoring but should be limited to pages the user intends to monitor.
req = Request(url, headers=req_headers) with urlopen(req, timeout=30) as resp:
Only add trusted, intended web URLs, review the watch list before using `check` on all entries, and avoid monitoring sensitive internal or local addresses unless that is deliberate.
Saved snapshots may contain sensitive page text or prompt-like content from websites and can remain on disk after use.
The skill persistently stores retrieved web page content and diffs, which is expected for monitoring but can later be surfaced back into an agent session as untrusted web content.
Stored in `~/.web-monitor/` ... `watches.json` — watch list config ... `snapshots/` — stored page content + diffs
Treat snapshot and diff contents as untrusted website text, avoid monitoring private pages unless local storage is acceptable, and delete or relocate `~/.web-monitor/` when records are no longer needed.
If the `uv` examples are used, the environment may resolve and use an external package for selector support.
The quick-start examples use `uv --with beautifulsoup4`, an optional dependency resolution path, while the registry lists no install specification or required binaries.
uv run --with beautifulsoup4 python scripts/monitor.py add "https://example.com"
Use a trusted Python environment and, if CSS selector support is needed, consider installing or pinning `beautifulsoup4` through your normal dependency management process.