Skill v1.0.0

ClawScan security

Ping Monitor Hardened · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 29, 2026, 1:43 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's purpose and guardrails are sensible for running local ICMP checks, but the runtime instructions reference a 'ping-monitor' command that the package does not provide or install, an incoherence that could cause confusion or unexpected behavior.
Guidance
This skill appears to be a simple, well-guarded wrapper for running local ping checks, but there is an important documentation/integration mismatch: SKILL.md invokes a program named 'ping-monitor' while the skill declares only the standard 'ping' binary and supplies no install or wrapper. Before installing or invoking the skill, verify one of the following: (1) your agent environment provides a 'ping-monitor' command (some platforms may supply a wrapper), (2) you or the skill maintainer will supply/install that wrapper, or (3) update usage to call 'ping' directly (e.g., 'ping -c 4 host') so behavior is deterministic. Also note the guardrails: the skill is explicitly designed not to transmit ping output to external endpoints and requires explicit confirmation before pinging internal/metadata addresses — ensure those behaviors match your needs (for example, if you do want automated reporting to a webhook, do not rely on this skill as the transport). If you need higher assurance, ask the maintainer/source for clarification or a version that either provides the 'ping-monitor' binary or uses standard 'ping' commands in examples.

Review Dimensions

Purpose & Capability
concern: The declared purpose is an ICMP health check and the skill declares the standard 'ping' binary as a requirement — that is coherent. However, SKILL.md repeatedly shows commands like 'ping-monitor <host>' (and 'ping-monitor check ...') while the skill provides no 'ping-monitor' binary nor any install step to create it. This mismatch between the documented CLI and the actual declared requirement is an incoherence: a user (or agent) following the SKILL.md may attempt to run a non-existent tool.
Instruction Scope
ok: The instructions themselves are narrowly scoped to running ICMP pings and include explicit safety guardrails (no external exfiltration of ping output, confirm before pinging RFC1918/loopback/metadata addresses, don't autonomously scan). Those guardrails are appropriate and limit scope. The only scope problem is the ambiguous instruction to 'execute ping-monitor directly' which assumes a wrapper exists; otherwise the instruction set stays within the described purpose.
Install Mechanism
ok: No install spec and no code files (instruction-only) — low risk from installation. Nothing is downloaded or written to disk by the skill package itself.
Credentials
ok: No environment variables, credentials, or config paths are requested. The permissions requested are minimal and proportional to an ICMP check utility.
Persistence & Privilege
ok: The skill does not request persistent/always-on presence and uses normal agent invocation defaults. It does not modify other skills or system-wide configuration according to the provided metadata.