ClawHub
Back to skill
v1.0.0

Domain Monitor

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:21 AM.

Analysis

This skill appears consistent with its domain-monitoring purpose, with only expected local command use and a small local watchlist file to notice.

GuidanceBefore installing, be comfortable with the agent running local whois and openssl checks for domains you provide and storing the watchlist in ~/.domain_monitor.json. No evidence of hidden exfiltration, credential use, destructive behavior, or background persistence was found.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityLowConfidenceHighStatusNote
scripts/domain.py
subprocess.run(["whois", domain], ...); subprocess.run(["openssl", "s_client", "-connect", f"{domain}:443", "-servername", domain], ...)

The skill invokes local WHOIS and OpenSSL tools using the provided domain. This is expected for domain monitoring and uses argument lists rather than shell execution, but users should know the agent may run these local tools.

User impactRunning checks may contact WHOIS services and the target domain's TLS endpoint for domains the user asks to monitor.
RecommendationUse normal domain names you intend to monitor and ensure the local whois and openssl binaries are trusted.
Agentic Supply Chain Vulnerabilities
SeverityInfoConfidenceHighStatusNote
_meta.json
"requires": { "bins": ["python3", "whois", "openssl"] }, "install": []

The skill depends on preinstalled system binaries and has no installer. This is appropriate for the purpose, but the behavior depends on the user's local versions of those tools.

User impactIf the local system tools are missing or replaced by untrusted binaries, checks could fail or behave unexpectedly.
RecommendationInstall whois and openssl from trusted OS package sources and keep them updated.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityLowConfidenceHighStatusNote
scripts/domain.py
DATA_FILE = os.path.expanduser("~/.domain_monitor.json")

The script persists the monitored domain list and last-check timestamps in a local JSON file for later reuse.

User impactThe local file may reveal which domains the user monitors, which could be business-sensitive in some cases.
RecommendationTreat ~/.domain_monitor.json as local monitoring data and delete it if you stop using the skill or no longer want the watchlist retained.