Broken Link Checker
PassAudited by ClawScan on May 1, 2026.
Overview
This skill is a straightforward link checker that makes user-supplied HTTP/HTTPS requests and does not show hidden credential, file, persistence, or destructive behavior.
This appears safe for its stated purpose. Before installing, understand that it will make network requests to the URLs supplied to it, so avoid giving it internal, private, or sensitive URLs unless you explicitly want those checked.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may contact any HTTP-like URL it is given, including private or internal addresses if a user or agent passes them.
The skill sends outbound HEAD requests to URL arguments. This is expected for a broken-link checker, but the code does not independently restrict targets to public external URLs.
const urls = args.filter(arg => arg.startsWith('http')); ... protocol.request(url, { method: 'HEAD', timeout: 5000 }Use it only with URLs you intend to test; if deploying broadly, consider enforcing http:// or https:// and blocking private/internal address ranges.