ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Web Monitor

v1.0.1

Monitor web pages for content changes and get alerts. Track URLs, detect updates, view diffs. Use when asked to watch a website, track changes on a page, mon...

3· 3.7k·44 current·45 all-time
by@rogue-agent1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, SKILL.md usage examples, README, and scripts/monitor.py all align: the code implements URL fetching, snapshotting, diffs, and keyword alerts which match the stated purpose.
Instruction Scope
Runtime instructions tell the agent to run scripts/monitor.py which performs HTTP(S) requests to arbitrary URLs and writes data to ~/.web-monitor (overridable via WEB_MONITOR_DIR). This is expected for a monitor, but it means the skill will fetch whatever URL it is asked to watch (including internal/localhost addresses if supplied). The instructions do not read other unrelated system files or exfiltrate data to third-party endpoints.
Install Mechanism
No install spec is included; this is instruction + source-code only. The script is pure Python with an optional dependency (beautifulsoup4) referenced by the SKILL.md; nothing is downloaded from untrusted URLs or installed automatically.
Credentials
The skill requests no credentials or sensitive env vars. It optionally respects WEB_MONITOR_DIR to change storage location; no unrelated secrets or config paths are required.
Persistence & Privilege
always is false and the skill does not request elevated/system-wide privileges or modify other skills. It stores data only under the user's configured data directory.
Assessment
This skill appears to do exactly what it claims: fetch pages, save snapshots in ~/.web-monitor, and compute diffs. Before installing or allowing autonomous use, consider: (1) the agent will fetch any URL you or the agent adds — avoid adding internal/localhost endpoints if you don't want those probed, (2) stored snapshots live under your home directory (overridable with WEB_MONITOR_DIR), and (3) if you need CSS-selector support install beautifulsoup4 in the environment. No credentials are requested and there are no hidden network callbacks in the code, but be cautious about which URLs the agent is permitted to monitor.

Like a lobster shell, security has layers — review code before you run it.

latestvk9727cpw1hvvjf2ymr4h796xms83qry7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments