ClawHub

Phishing Reporter

Report phishing, malware, and scam URLs to Google Safe Browsing, NCSC (Swiss Cyber Security), and other abuse reporting services. Use when a user shares a suspicious/phishing URL and wants it reported, or asks to report a dangerous website. Triggers on phrases like "report phishing", "melde diese Seite", "report this URL", "phishing melden", "scam melden", "report abuse".

Audits

Pass
ClawScanPass

Agentic behavior and permission review.

Static analysisPass

Pattern checks against bundled files.

VirusTotalPass

Multi-engine malware detections and file reputation.

Install

openclaw skills install phishing-reporter

Phishing Reporter

Report dangerous URLs to abuse/safety services via browser automation.

Reporting Strategy

Report to all applicable services in order:

  1. Google Safe Browsing (automated) — global reach, blocks in Chrome/Firefox/Safari
  2. NCSC Switzerland (semi-automated) — Swiss national cyber security centre
  3. Domain registrar (manual) — WHOIS lookup → abuse contact

Service 1: Google Safe Browsing (fully automated)

URL: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Workflow

Use the browser tool (profile: openclaw) to automate:

  1. Open the URL above
  2. Report Type: "This page is not safe" (default, leave as-is)
  3. Click "Threat Type" dropdown → select "Social Engineering" (for phishing)
  4. Click "Threat Category" dropdown → select best match (see references/services.md)
  5. Click URL textbox → type the phishing URL
  6. Click Additional details textbox → type description
  7. Click Submit
  8. Verify "Submission was successful" message

Notes

  • Form uses custom dropdowns: click combobox → click option in listbox
  • reCAPTCHA v3 runs invisibly — usually passes for headless browsers
  • If CAPTCHA blocks: provide manual instructions as fallback

Service 2: NCSC Switzerland (chat wizard)

URL: https://www.report.ncsc.admin.ch/en/

The NCSC uses a multi-step chat wizard (not a simple form). Automate via browser:

Chat Path for Phishing Website Reports

  1. Open https://www.report.ncsc.admin.ch/en/chat?path=406%3E407%3E1
  2. Click: "A website/a web service/a web platform"
  3. Click: "I would like to report a third-party website"
  4. Click: "The website displays fraudulent content"
  5. Click: "The website copies another known website" (for phishing clones)
  6. Continue through remaining steps (URL input, description, contact info)
  7. Submit the report

Direct Path URL (skips first steps)

https://www.report.ncsc.admin.ch/en/chat?path=406%3E407%3E1%3E128%3E132%3E133%3E314%3E130%3E135

Notes

  • Wizard is stateful — each step reveals the next
  • No CAPTCHA, but many clicks required
  • Email alternative: notification@ncsc.ch (include URL and description)
  • If automation fails, provide the direct path URL + instructions

Service 3: Domain Registrar (manual lookup)

  1. Run WHOIS lookup: whois <domain> or use https://who.is/<domain>
  2. Find "Registrar Abuse Contact Email"
  3. Send abuse email with phishing URL and description

Additional Details Template

Phishing site impersonating [BRAND]. Domain mimics [REAL SERVICE] customer service.
Designed to steal [banking credentials / login data / personal information].

Fallback: Manual Instructions

If automated submission fails, provide the user with:

  1. Direct links to each reporting form
  2. The URL to report
  3. Recommended categories/types
  4. Pre-written description text

Additional Reporting Services

See references/services.md for full list including Cloudflare, PhishTank, and APWG.