← Back to Skills Marketplace
285
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install phishing-reporter
Description
Report phishing, malware, and scam URLs to Google Safe Browsing, NCSC (Swiss Cyber Security), and other abuse reporting services. Use when a user shares a su...
Usage Guidance
This skill appears to do what it says (automating abuse reports), but be cautious before installing:
- Ask the author (or check platform docs) how the 'browser tool (profile: openclaw)' is implemented. If the agent will use an existing browser profile, it could access cookies, active sessions, or saved credentials — prefer an isolated/incognito profile for automation.
- The SKILL.md mentions running 'whois' but declares no required binaries; ensure the runtime has whois or accept the web fallback (who.is) and that the agent won't try to execute unexpected shell commands.
- The note about reCAPTCHA v3 'usually passes for headless browsers' suggests attempts to automate around CAPTCHA defenses; decide whether you are comfortable with that behavior and check legal/policy implications.
- If you plan to enable autonomous invocation, restrict scope or test in a controlled environment first. If possible, request from the author a clear statement that no personal data or credentials will be used during automation and that automation runs in a fresh browser context.
Capability Analysis
Type: OpenClaw Skill
Name: phishing-reporter
Version: 1.1.0
The phishing-reporter skill is designed to help users report malicious URLs to legitimate security authorities such as Google Safe Browsing and the Swiss National Cyber Security Centre (NCSC). The instructions in SKILL.md and references/services.md provide clear, automated workflows for interacting with official reporting forms and chat wizards, with no evidence of data exfiltration, malicious execution, or prompt injection.
Capability Assessment
Purpose & Capability
The name and description (report phishing URLs to abuse services) match the SKILL.md: it lists Google Safe Browsing, NCSC, registrars, and other reporting endpoints and gives step-by-step browser automation instructions. Minor mismatch: SKILL.md suggests running 'whois <domain>' or using who.is, but the skill declares no required binaries — the author assumes platform tools exist.
Instruction Scope
Instructions rely on browser automation with a specific profile ('openclaw') which could give access to cookies, stored sessions, or other browser state if implemented literally; the skill does not describe isolating the automation (incognito/clean profile). It also notes that reCAPTCHA v3 'usually passes for headless browsers' — wording that implies attempting automated CAPTCHA bypass, which is sensitive and may conflict with site policies or create abuse risk. Otherwise instructions stay within the stated reporting purpose and do not ask to read unrelated files or env vars.
Install Mechanism
No install spec and no code files (instruction-only). This is lowest-risk from an install/execution standpoint — nothing will be downloaded or written by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, it does rely on platform capabilities (a browser automation tool and optionally the 'whois' binary) without declaring them; use of a named browser profile is a privacy/credential risk that isn't justified or explained in the SKILL.md.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent presence or claim to modify other skills or system-wide settings. Autonomous invocation is enabled by default but not by itself a red flag here.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install phishing-reporter - After installation, invoke the skill by name or use
/phishing-reporter - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
Added NCSC Switzerland (chat wizard workflow + direct path URLs), domain registrar reporting, expanded services reference
v1.0.0
Initial release: Report phishing URLs to Google Safe Browsing via browser automation
Metadata
Frequently Asked Questions
What is Phishing Reporter?
Report phishing, malware, and scam URLs to Google Safe Browsing, NCSC (Swiss Cyber Security), and other abuse reporting services. Use when a user shares a su... It is an AI Agent Skill for Claude Code / OpenClaw, with 285 downloads so far.
How do I install Phishing Reporter?
Run "/install phishing-reporter" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Phishing Reporter free?
Yes, Phishing Reporter is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Phishing Reporter support?
Phishing Reporter is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Phishing Reporter?
It is built and maintained by xenofex7 (@xenofex7); the current version is v1.1.0.
More Skills