Ssl Checker
v3.0.0Check SSL certificate health, protocols, and cipher suites on domains. Use when auditing web security.
⭐ 0· 340·0 current·0 all-time
bybytesagain4@xueyetianya
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description match the included script's behavior: all commands perform SSL/TLS checks using openssl. However, the skill declares no required binaries while the script depends on openssl (and common coreutils like mkdir, grep, echo). The absence of openssl from the declared requirements is an omission but not an indication of misdirection.
Instruction Scope
SKILL.md simply wraps the bundled script and documents commands. The script only connects to the target domain (port 443) and writes a data directory under $HOME; it does not exfiltrate data or call external endpoints. Minor functional issues: cmd_report prints the literal string '=== SSL Report: $2 ===' due to single quotes (variable won't expand), and protocol flags may vary by OpenSSL version — these are bugs, not malicious behavior.
Install Mechanism
No install spec (instruction-only) and the shipped script is small and readable. Nothing is downloaded from external URLs or written outside the user's home directory. Risk from the install mechanism is low.
Credentials
The skill requests no credentials or environment variables. It creates and uses ~/.local/share/ssl-checker for local data, which is proportionate to producing reports. No access to other configs or secrets is requested.
Persistence & Privilege
always is false and the skill does not attempt to modify other skills or system-wide settings. It only creates its own data directory in the user's home, which is normal for a CLI-style tool.
Assessment
This skill appears to do what it claims: it runs openssl to inspect certificates and TLS parameters and stores any output under ~/.local/share/ssl-checker. Before installing/use: 1) ensure you have the openssl binary available (the manifest omits this requirement); 2) inspect scripts/script.sh yourself or run it in a sandbox if you have concerns; 3) be aware the tool connects to the target domain on port 443 (expected for SSL checks) and writes data to your home directory; 4) if you need automated or high-volume scanning, review rate limits and legal/ethical scanning policies for the targets. If you want higher assurance, request the publisher to add openssl to the declared required binaries and fix the minor cmd_report bug.Like a lobster shell, security has layers — review code before you run it.
latestvk97a6daqvjdtz3gawgwbpv9fmd836vmdproductivityvk974nksvry2rjvckfxa5qz80jh82rk43
License
MIT-0
Free to use, modify, and redistribute. No attribution required.