Skill v1.0.0
ClawScan security
WebsiteMonitor · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 9, 2026, 12:56 PM
- Verdict: Benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions and resources match its stated purpose (periodic HTTP checks, local storage, daily HTML reports); it does not ask for unrelated credentials or risky install steps.
- Guidance: This skill appears coherent and implements what it promises, but take these precautions before running generated code:
  1) Review the generated Python scripts before executing them.
  2) The code performs outbound HTTP requests to whatever URLs you configure and writes data/reports to local directories (data/ and reports/). Run it in a suitable environment (container or dedicated host) if you are concerned about filesystem clutter or network scope.
  3) Install required Python dependencies (e.g., requests) yourself; the skill does not provide an installer.
  4) If you enable notifications (email/webhook), supply credentials/URLs only after verifying the notification code and consider using credentials with minimal privileges.
  5) If you want scheduled runs, configure a scheduler (cron, systemd timer, or Docker) manually and review those scheduler entries for safety.
Review Dimensions
- Purpose & Capability: ok. Name/description match the instructions: monitoring URLs, recording status codes/latency, storing data, and generating daily HTML reports. No unrelated credentials, binaries, or config paths are requested.
- Instruction Scope: note. The SKILL.md provides full code templates that read config.json, write to local data/ and reports/ directories, and perform outbound HTTP GETs to the monitored targets. This is within scope, but the skill will write files to disk and requires network access to the targets. It also references optional notifications (email/webhook) which would require collecting separate credentials/URLs if the user enables them—those are not requested up front.
- Install Mechanism: note. This is an instruction-only skill with no install spec. The provided Python code depends on the third-party 'requests' package (and standard libraries). No installer or external downloads are specified, which is low risk, but users must install Python dependencies themselves before running the generated code.
- Credentials: ok. The skill does not request environment variables, secrets, or external service credentials. File system writes are limited to the project's data and reports directories, which is appropriate for this functionality. If notifications are enabled, the user would need to supply credentials (SMTP, webhook URLs) separately—this is expected but not requested by the skill itself.
- Persistence & Privilege: ok. 'always' is false and the skill does not request elevated or persistent system-wide privileges. It will create local files (database and HTML reports) within the project's directories as expected for a monitoring tool.
