Url Shorten
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a simple URL-shortening skill, with the main caveat that URLs are sent to TinyURL or Bitly and an optional Bitly token may be used.
This skill is reasonable for shortening ordinary URLs. Before using it, avoid submitting URLs that contain secrets or sensitive parameters, and be aware that setting BITLY_TOKEN lets the skill use your Bitly account.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Any URL shortened through this skill may be visible to TinyURL or Bitly, depending on which provider is used.
The core function sends the user-provided URL to an external URL-shortening provider. This is disclosed and purpose-aligned, but URLs can contain sensitive query parameters or private resource names.
Shorten URLs via tinyurl or bitly API. Requires `BITLY_TOKEN` env var for bitly; falls back to tinyurl if not set.
Avoid shortening URLs that contain secrets, private tokens, or sensitive query parameters.
If BITLY_TOKEN is set, the skill may act through the associated Bitly account, affecting that account's link history, quotas, or analytics.
The skill may use a Bitly API token from the environment. This is appropriate for a Bitly integration, but the registry metadata does not declare a primary credential or required environment variable.
Requires `BITLY_TOKEN` env var for bitly; falls back to tinyurl if not set.
Use a dedicated, least-privileged Bitly token if possible, and unset BITLY_TOKEN when you do not want the skill to use Bitly.