ClawHub

Netmap

v1.0.2

Scan and map all devices on the local network. Discovers IPs, hostnames, vendors, and device types. Tracks when devices first appeared and were last seen. Su...

0· 165·0 current·0 all-time
by@wrentheai
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match behavior: script runs nmap, parses results, enriches with ARP and vendor lookups, persists a device DB at ~/.config/netmap/devices.json. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
SKILL.md and the script align: they instruct running nmap scans, listing, labeling, exporting, and a watch mode. The code performs reverse DNS and an external HTTP call to api.macvendors.com for vendor lookups — this external call is outside the LAN but is reasonably related to the stated purpose (vendor resolution). The instructions explicitly note sudo may be needed for full MAC/ARP info. There is no instruction to read unrelated local files or environment variables.
Install Mechanism
No install spec — instruction-only with an included Python script. The script expects nmap to be installed by the user (brew or package manager). Nothing is downloaded or installed automatically by the skill.
Credentials
The skill requires no credentials or env vars. However, it makes outbound HTTP requests to api.macvendors.com (sends MAC addresses) and writes persistent files under ~/.config/netmap (devices.json and vendor_cache.json). Consider privacy implications of vendor lookups and stored device history.
Persistence & Privilege
The skill persists only its own database and cache in the user's home config directory. It does not request always:true and does not modify other skills or system-wide agent settings. Watch mode performs periodic scans (default every 2 minutes) which is expected for the feature but may be noisy.
Assessment
This skill appears to do what it claims: local network discovery using nmap and a local device DB. Before installing, ensure you: (1) have (or are willing to install) nmap; (2) are comfortable running network scans and occasional port fingerprinting (may be disallowed on some networks); (3) understand that MAC addresses are sent to api.macvendors.com for vendor lookup (privacy/third-party disclosure); (4) may need to run with sudo to see full MAC/vendor info; and (5) that the tool stores history in ~/.config/netmap/devices.json — delete that file if you want to remove stored data. If you need to avoid external calls, consider modifying the script to skip lookup_vendor or use a local OUI database instead.

Like a lobster shell, security has layers — review code before you run it.

latestvk97brk9gcktadjzm2396gnhhnh837qg4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments