Phishing Reporter
PassAudited by ClawScan on May 1, 2026.
Overview
This is a coherent instruction-only phishing-reporting helper, but users should know it can submit reports and optional contact details to outside abuse services.
Install only if you want the agent to help submit phishing or scam reports to external services. Before use, verify the URL is actually suspicious, confirm which services should receive the report, and avoid sharing unnecessary personal contact information.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A mistaken or poorly checked URL could be submitted as phishing to a safety service.
The skill directs browser automation to submit an external abuse-reporting form. This is the skill's stated purpose, but it is still an external action with real-world effect.
**Google Safe Browsing (fully automated)** ... 7. Click Submit
Confirm the exact URL and threat category with the user before submitting reports.
If the user provides the wrong URL, the report may be sent to multiple abuse desks or authorities.
The same report can be propagated to several organizations. This is disclosed and purpose-aligned, but a single mistaken input could spread across multiple reporting channels.
Report to **all applicable services** in order: ... Google Safe Browsing ... NCSC Switzerland ... Domain registrar
Before reporting to all services, verify the URL and consider whether each service is applicable.
Personal contact details or descriptive information may leave the local session and be sent to the reporting service.
The NCSC workflow may send the reported URL, description, and contact information to an external reporting service.
Continue through remaining steps (URL input, description, contact info)
Only include contact information and details the user explicitly agrees to share.