Geizhals.at
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a benign Geizhals price-checking skill, with expected outbound web requests and optional short-lived local caching.
This skill does not request credentials or broad local access. Before installing, be aware that it will contact Geizhals.at for searches, relies on unofficial page parsing, and can optionally write fetched pages to a local cache; use small limits and a dedicated cache directory if you enable caching.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Users have less external provenance information to rely on when deciding whether to trust the skill.
The skill has limited provenance metadata, although the provided artifacts do not show a remote installer, hidden dependency, or malicious supply-chain behavior.
Source: unknown; Homepage: none
Review the included files before use and prefer a version with a public source or homepage if provenance is important.
In normal use this supports Geizhals lookups, but if an upstream response contained an unexpected absolute URL, the script could make an outbound request outside Geizhals.
Detail-page URLs come from the Geizhals autocomplete response and absolute URLs are accepted without visible host validation before being fetched.
if first.startswith("http"):
return firstKeep use limited to intended searches; a hardening improvement would be to validate that fetched detail URLs remain on geizhals.at.
Cached Geizhals page content may remain on disk for a short time and could affect repeated results if the cache directory is shared or modified.
When a cache directory is supplied, fetched HTML is stored locally and reused briefly, which is expected for caching but creates persistent local state.
CACHE_TTL_SECONDS = 900 ... _cache_path(cache_dir, url).write_text(body, encoding="utf-8")
Use a dedicated temporary cache directory if enabling caching, or omit --cache-dir when persistence is not needed.