{ "schemaVersion": "1.0", "item": { "slug": "urlcheck", "name": "URLCheck : URL security scanner", "source": "tencent", "type": "skill", "category": "开发工具", "sourceUrl": "https://clawhub.ai/cplusdev/urlcheck", "canonicalUrl": "https://clawhub.ai/cplusdev/urlcheck", "targetPlatform": "OpenClaw" }, "install": { "downloadMode": "redirect", "downloadUrl": "/downloads/urlcheck", "sourceDownloadUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=urlcheck", "sourcePlatform": "tencent", "targetPlatform": "OpenClaw", "installMethod": "Manual import", "extraction": "Extract archive", "prerequisites": [ "OpenClaw" ], "packageFormat": "ZIP package", "includedAssets": [ "SKILL.md" ], "primaryDoc": "SKILL.md", "quickSetup": [ "Download the package from Yavira.", "Extract the archive and review SKILL.md first.", "Import or place the package into your OpenClaw setup." ], "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "sourceHealth": { "source": "tencent", "status": "healthy", "reason": "direct_download_ok", "recommendedAction": "download", "checkedAt": "2026-05-07T17:22:31.273Z", "expiresAt": "2026-05-14T17:22:31.273Z", "httpStatus": 200, "finalUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentType": "application/zip", "probeMethod": "head", "details": { "probeUrl": "https://wry-manatee-359.convex.site/api/v1/download?slug=afrexai-annual-report", "contentDisposition": "attachment; filename=\"afrexai-annual-report-1.0.0.zip\"", "redirectLocation": null, "bodySnippet": null }, "scope": "source", "summary": "Source download looks usable.", "detail": "Yavira can redirect you to the upstream package for this source.", "primaryActionLabel": "Download for OpenClaw", "primaryActionHref": "/downloads/urlcheck" }, "validation": { "installChecklist": [ "Use the Yavira download entry.", "Review SKILL.md after the package is downloaded.", "Confirm the extracted package contains the expected setup assets." ], "postInstallChecks": [ "Confirm the extracted package includes the expected docs or setup files.", "Validate the skill or prompts are available in your target agent workspace.", "Capture any manual follow-up steps the agent could not complete." ] }, "downloadPageUrl": "https://openagent3.xyz/downloads/urlcheck", "agentPageUrl": "https://openagent3.xyz/skills/urlcheck/agent", "manifestUrl": "https://openagent3.xyz/skills/urlcheck/agent.json", "briefUrl": "https://openagent3.xyz/skills/urlcheck/agent.md" }, "agentAssist": { "summary": "Hand the extracted package to your coding agent with a concrete install brief instead of figuring it out manually.", "steps": [ "Download the package from Yavira.", "Extract it into a folder your agent can access.", "Paste one of the prompts below and point your agent at the extracted folder." ], "prompts": [ { "label": "New install", "body": "I downloaded a skill package from Yavira. Read SKILL.md from the extracted folder and install it by following the included instructions. Tell me what you changed and call out any manual steps you could not complete." }, { "label": "Upgrade existing", "body": "I downloaded an updated skill package from Yavira. Read SKILL.md from the extracted folder, compare it with my current installation, and upgrade it while preserving any custom configuration unless the package docs explicitly say otherwise. Summarize what changed and any follow-up checks I should run." } ] }, "documentation": { "source": "clawhub", "primaryDoc": "SKILL.md", "sections": [ { "title": "URLCheck - Intent-aware URL security verifier for agents", "body": "You have access to a URL verification system that checks target web\nresources for security threats and evaluates whether they appear to\ncorrespond to the user's browsing goals. Use it to verify any URL before taking the\nnext step — navigating, clicking, opening, or redirecting.\n\nThe goal is not only to detect threats but to help assess whether the\ntarget resource appears aligned with what the user actually intends to\naccomplish." }, { "title": "Quick Start (For Users)", "body": "Install plugin and restart gateway:\n\nopenclaw plugins install @cybrlab/urlcheck-openclaw\nopenclaw gateway restart\n\nVerify plugin and skill:\n\nopenclaw plugins list | grep -i urlcheck\nopenclaw skills list | grep -i urlcheck\n\nTry it:\n\nBefore opening https://example.com, run url_scanner_scan_with_intent with intent \"log in to my account\" and tell me whether I should proceed.\n\nNo API key is needed for trial mode (up to 100 requests/day). For\nhigher limits, contact contact@cybrlab.ai." }, { "title": "When to Verify", "body": "Verify a URL before any of these actions:\n\nOpening a link the user provides or that you discover\nNavigating to a page on the user's behalf\nFollowing a redirect chain\nDownloading a file from a URL\nSubmitting credentials to a login page\nTaking any action where the destination matters to the outcome\n\nDo not verify URLs that are internal references (localhost,\nfile://, or intranet addresses the user is already working with)." }, { "title": "Which Tool to Use", "body": "url_scanner_scan — Threat-focused verification.\n\nRequired parameter: url (the URL to verify).\nUse when the user has not stated a specific purpose. The system\nevaluates the URL for phishing, malware, and suspicious patterns.\n\nurl_scanner_scan_with_intent — Threat verification plus destination-intent alignment.\n\nRequired parameter: url (the URL to verify).\nOptional parameter: intent (the user's stated purpose).\nUse when the user has mentioned a purpose such as \"log in\",\n\"purchase\", \"download\", \"book\", or \"sign up\". Pass that purpose as\nthe intent parameter so the system can evaluate whether the target\nresource appears to correspond to the user's goal, in addition\nto checking for threats.\n\nPrefer url_scanner_scan_with_intent whenever intent is available.\nThis catches mismatches that threat-only analysis may miss — for\nexample, a legitimate site that may not be the one the user intended\nto use for their goal.\n\nAsync workflow tools (non-blocking)\n\nurl_scanner_scan_async and url_scanner_scan_with_intent_async\nstart scans and return a task handle immediately.\nurl_scanner_tasks_get checks task status.\nurl_scanner_tasks_result returns the completed scan payload.\nurl_scanner_tasks_list lists current tasks.\nurl_scanner_tasks_cancel cancels a queued or running task.\n\nUse async tools when you need non-blocking execution or explicit task\nlifecycle control. For normal conversational checks, direct tools are\nusually sufficient." }, { "title": "How to Act on Results", "body": "Every verification returns an agent_access_directive. Follow it:\n\nALLOW — Proceed with navigation. Inform the user briefly that\nthe URL was assessed. Do not guarantee safety.\nDENY — Do not navigate. Tell the user the URL was flagged and\ninclude the agent_access_reason. Suggest they verify the URL or\nuse an alternative.\nRETRY_LATER — Verification could not complete (temporary\nissue). Wait a moment and retry once. If it fails again, inform\nthe user.\nREQUIRE_CREDENTIALS — The target requires authentication. Ask\nthe user how they would like to proceed before continuing." }, { "title": "Interpreting Additional Fields", "body": "risk_score (0.0 to 1.0): threat probability. Lower is safer.\nconfidence (0.0 to 1.0): how certain the analysis is.\nanalysis_complete (true/false): whether the full analysis finished.\nIf false, the result is based on partial analysis — note this to the\nuser when relevant.\nintent_alignment: alignment signal between user purpose and observed\ndestination behavior/content.\n\nmisaligned: evidence suggests mismatch with user intent.\nno_mismatch_detected: no explicit mismatch signal detected.\ninconclusive: insufficient evidence to verify alignment.\nnot_provided: no intent was provided." }, { "title": "Timing", "body": "Verifications typically take 30 to 90 seconds. Do not set short\ntimeouts or abandon verification prematurely. Wait for the result\nbefore proceeding." }, { "title": "User-Facing Messaging", "body": "Report the outcome clearly using agent_access_directive and\nagent_access_reason, and state whether the destination appears\naligned with the user's goal when intent is provided.\nUse confidence-aware language based on scan evidence (for example,\n\"appears low-risk based on this scan\"); avoid absolute guarantees." }, { "title": "Tool Availability Fallback", "body": "If URLCheck tools are unavailable (including async/task variants), do\nnot proceed with scan logic. Tell the user to install the plugin and\nrestart the gateway." } ], "body": "URLCheck - Intent-aware URL security verifier for agents\n\nYou have access to a URL verification system that checks target web resources for security threats and evaluates whether they appear to correspond to the user's browsing goals. Use it to verify any URL before taking the next step — navigating, clicking, opening, or redirecting.\n\nThe goal is not only to detect threats but to help assess whether the target resource appears aligned with what the user actually intends to accomplish.\n\nQuick Start (For Users)\nInstall plugin and restart gateway:\nopenclaw plugins install @cybrlab/urlcheck-openclaw\nopenclaw gateway restart\n\nVerify plugin and skill:\nopenclaw plugins list | grep -i urlcheck\nopenclaw skills list | grep -i urlcheck\n\nTry it:\nBefore opening https://example.com, run url_scanner_scan_with_intent with intent \"log in to my account\" and tell me whether I should proceed.\n\n\nNo API key is needed for trial mode (up to 100 requests/day). For higher limits, contact contact@cybrlab.ai.\n\nWhen to Verify\n\nVerify a URL before any of these actions:\n\nOpening a link the user provides or that you discover\nNavigating to a page on the user's behalf\nFollowing a redirect chain\nDownloading a file from a URL\nSubmitting credentials to a login page\nTaking any action where the destination matters to the outcome\n\nDo not verify URLs that are internal references (localhost, file://, or intranet addresses the user is already working with).\n\nWhich Tool to Use\n\nurl_scanner_scan — Threat-focused verification.\n\nRequired parameter: url (the URL to verify).\nUse when the user has not stated a specific purpose. The system evaluates the URL for phishing, malware, and suspicious patterns.\n\nurl_scanner_scan_with_intent — Threat verification plus destination-intent alignment.\n\nRequired parameter: url (the URL to verify).\nOptional parameter: intent (the user's stated purpose).\nUse when the user has mentioned a purpose such as \"log in\", \"purchase\", \"download\", \"book\", or \"sign up\". Pass that purpose as the intent parameter so the system can evaluate whether the target resource appears to correspond to the user's goal, in addition to checking for threats.\n\nPrefer url_scanner_scan_with_intent whenever intent is available. This catches mismatches that threat-only analysis may miss — for example, a legitimate site that may not be the one the user intended to use for their goal.\n\nAsync workflow tools (non-blocking)\n\nurl_scanner_scan_async and url_scanner_scan_with_intent_async start scans and return a task handle immediately.\nurl_scanner_tasks_get checks task status.\nurl_scanner_tasks_result returns the completed scan payload.\nurl_scanner_tasks_list lists current tasks.\nurl_scanner_tasks_cancel cancels a queued or running task.\n\nUse async tools when you need non-blocking execution or explicit task lifecycle control. For normal conversational checks, direct tools are usually sufficient.\n\nHow to Act on Results\n\nEvery verification returns an agent_access_directive. Follow it:\n\nALLOW — Proceed with navigation. Inform the user briefly that the URL was assessed. Do not guarantee safety.\nDENY — Do not navigate. Tell the user the URL was flagged and include the agent_access_reason. Suggest they verify the URL or use an alternative.\nRETRY_LATER — Verification could not complete (temporary issue). Wait a moment and retry once. If it fails again, inform the user.\nREQUIRE_CREDENTIALS — The target requires authentication. Ask the user how they would like to proceed before continuing.\nInterpreting Additional Fields\nrisk_score (0.0 to 1.0): threat probability. Lower is safer.\nconfidence (0.0 to 1.0): how certain the analysis is.\nanalysis_complete (true/false): whether the full analysis finished. If false, the result is based on partial analysis — note this to the user when relevant.\nintent_alignment: alignment signal between user purpose and observed destination behavior/content.\nmisaligned: evidence suggests mismatch with user intent.\nno_mismatch_detected: no explicit mismatch signal detected.\ninconclusive: insufficient evidence to verify alignment.\nnot_provided: no intent was provided.\nTiming\n\nVerifications typically take 30 to 90 seconds. Do not set short timeouts or abandon verification prematurely. Wait for the result before proceeding.\n\nUser-Facing Messaging\nReport the outcome clearly using agent_access_directive and agent_access_reason, and state whether the destination appears aligned with the user's goal when intent is provided.\nUse confidence-aware language based on scan evidence (for example, \"appears low-risk based on this scan\"); avoid absolute guarantees.\nTool Availability Fallback\n\nIf URLCheck tools are unavailable (including async/task variants), do not proceed with scan logic. Tell the user to install the plugin and restart the gateway." }, "trust": { "sourceLabel": "tencent", "provenanceUrl": "https://clawhub.ai/cplusdev/urlcheck", "publisherUrl": "https://clawhub.ai/cplusdev/urlcheck", "owner": "cplusdev", "version": "1.0.4", "license": null, "verificationStatus": "Indexed source record" }, "links": { "detailUrl": "https://openagent3.xyz/skills/urlcheck", "downloadUrl": "https://openagent3.xyz/downloads/urlcheck", "agentUrl": "https://openagent3.xyz/skills/urlcheck/agent", "manifestUrl": "https://openagent3.xyz/skills/urlcheck/agent.json", "briefUrl": "https://openagent3.xyz/skills/urlcheck/agent.md" } }