ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Clank Website Monitor

v1.0.0

Monitor websites for changes, new content, and price alerts. Perfect for tracking competitors, job postings, or product prices.

0· 45·0 current·0 all-time
by@t3mr0i
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims many features (price tracking with selectors, screenshot comparison, OpenClaw alerts, cron integration), but the provided script only performs a simple full-page MD5 check via curl and stores results under $HOME/.website-monitor. Claims like selector-based extraction, screenshot diffs, and alert delivery are not implemented in the code or install instructions.
!
Instruction Scope
SKILL.md demonstrates CLI usage with a 'website-monitor' command and shows a sample implementation that references sending alerts via OpenClaw; the shipped script is named scripts/monitor.sh (website-monitor.sh usage) and prints to stdout and persists md5 files. There is a mismatch between the documented CLI, the script name/behavior, and the promised notification behavior. The instructions also list required binaries (curl, md5sum) even though the registry metadata lists none.
!
Install Mechanism
There is no install spec despite providing a runnable script and CLI-like instructions. Without an install step or packaging, the documented 'website-monitor' command will not be made available automatically. This packaging omission is an operational incoherence and could lead to unexpected manual steps or user errors.
Credentials
The skill requests no environment variables or secret credentials. The script uses $HOME for local state and uses curl to fetch monitored URLs — both are proportionate to the stated purpose. No evidence of requesting unrelated credentials or reading other configuration.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and persists only to its own directory ($HOME/.website-monitor). That level of persistence is reasonable for a monitor tool, though users should review what is stored.
What to consider before installing
This skill appears to be a simple file-backed website-change checker, but it currently over-promises features and lacks a clear install path. Before installing or running it: 1) Ask the author how the 'website-monitor' command is installed and how alerts are delivered (OpenClaw integration is referenced but not implemented). 2) If you need selector-based price tracking or screenshots, request a headless-browser implementation (e.g., Puppeteer) and an explanation of external dependencies. 3) Verify presence of required binaries (curl, md5sum) or provide an install script. 4) Review the repository URL and author provenance; run the script in a restricted environment first, since it fetches arbitrary URLs and writes to $HOME/.website-monitor. 5) If you plan to monitor internal sites, consider network egress controls. These inconsistencies look like incomplete packaging or poor documentation rather than explicit maliciousness, but confirm the missing pieces before trusting it with sensitive data or broad autonomous invocation.

Like a lobster shell, security has layers — review code before you run it.

automationvk977g8v91fxzexk7h6v0qxh0h583rey1latestvk977g8v91fxzexk7h6v0qxh0h583rey1monitoringvk977g8v91fxzexk7h6v0qxh0h583rey1websitesvk977g8v91fxzexk7h6v0qxh0h583rey1

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

👁️ Clawdis

Comments