← Back to Skills Marketplace
1457
Downloads
0
Stars
0
Active Installs
8
Versions
Install in OpenClaw
/install page-behavior-audit
Description
Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords)
Usage Guidance
This skill is plausibly a page-auditor but has several red flags you should address before installing: 1) Packaging mismatch — the registry metadata claims no required env vars, but SKILL.md and skill.yaml require WECOM_WEBHOOK_URL and OPENCLAW_AUDIT_DIR; confirm requirements with the author. 2) Data exfiltration risk — alerts send the aggregated report (which may contain up to 10k chars of page text, links, redirects, HAR/screenshot paths) to the configured WeCom webhook. Only set WECOM_WEBHOOK_URL to a trusted internal webhook; for initial testing use a disposable/internal sink. 3) Signature/verification placeholders — the policy signature and verification_url appear not verifiable from the bundle; if policy integrity is important, ask for a real signing key and verification endpoint. 4) Installer privileges — install.sh can copy files under system paths when run with --system; avoid running as root unless you trust and have reviewed the package. 5) Local permissions file — .claude/settings.local.json contains broad Bash permissions; confirm why shell execution is needed and remove/lock down unneeded permissions. Recommended actions: review skill.yaml and SKILL.md in full, run the skill in an isolated environment (container or VM) against non-sensitive targets, set OPENCLAW_AUDIT_DIR to an isolated directory, use a safe/test webhook for alerts, and verify the policy signature/verification process with the maintainer before using on production targets.
Capability Analysis
Type: OpenClaw Skill
Name: page-behavior-audit
Version: 1.0.7
The skill bundle itself appears to be a legitimate web page auditing tool, using built-in OpenClaw actions for browser automation, content policy checks, and alert notifications. However, the `.claude/settings.local.json` file grants the OpenClaw agent extremely broad permissions, specifically `Bash(bash:*)`. This allows the agent to execute arbitrary shell commands, which is a significant vulnerability. While the `skill.yaml` does not directly exploit this, such a broad permission creates a critical attack surface for potential prompt injection or other forms of agent compromise, leading to remote code execution.
Capability Assessment
Purpose & Capability
The declared functionality (browser automation, content-policy checks, HAR/screenshot exports, WeCom alerts) matches the actions defined in skill.yaml and SKILL.md. However registry metadata at the top of the report claimed no required env vars while both SKILL.md and skill.yaml declare two required env vars (WECOM_WEBHOOK_URL and OPENCLAW_AUDIT_DIR). This mismatch is a packaging/information-coherence issue and could confuse users about needed configuration.
Instruction Scope
Runtime steps perform browser navigation to arbitrary user-provided URLs, extract up to 10k characters of page text, capture links, save screenshots and HAR files, and (on critical findings) send the aggregated report (including alerts and extracted data) to the configured WeCom webhook. These instructions are within an auditor's scope but explicitly transmit scraped page content to an external endpoint; that data flow is sensitive and should be treated cautiously.
Install Mechanism
There is no remote download; install.sh is a local installer that copies skill.yaml into an OpenClaw skills directory and creates an audit directory. It supports a --system mode that will use sudo and write under /etc and /var. The installer does not fetch code from external URLs, which reduces supply-chain risk, but running it in system mode grants filesystem write capability and will create/own audit directories system-wide.
Credentials
Required env vars (WECOM_WEBHOOK_URL and OPENCLAW_AUDIT_DIR) are consistent with the described notification and storage features. However the webhook is used to transmit the full aggregated report (template data includes json .steps.aggregate-report.output), which can contain extracted page text, links, redirects, and possibly HAR metadata. If the webhook endpoint is untrusted or replaced with an attacker-controlled URL, this provides a clear exfiltration channel. Also the policy signature and verification_url look like placeholders and cannot be validated from the packaged files.
Persistence & Privilege
The skill does not request always:true and does not modify other skills' configs. The installer can write to system directories when run with --system (requires sudo). The .claude/settings.local.json included grants several Bash-related permissions (e.g., Bash(bash:*)) which is unusual in a skill bundle and should be reviewed; it suggests local tooling may run shell commands during development or verification.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install page-behavior-audit - After installation, invoke the skill by name or use
/page-behavior-audit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.7
- Updated documentation to a structured format with sections for features, prerequisites, usage, configuration, and security.
- Added usage examples for both webhook and CLI.
- Clearly listed environment variables and input/output schema.
- Provided details on security policies and alert rules.
- No functional code changes; update is documentation-only.
v1.0.6
- Added README.md with documentation for the page-behavior-audit skill.
- No changes to code or core functionality.
v1.0.5
- Added environment variable requirements for WeCom webhook and audit log directory.
- Audit output paths now use the configurable OPENCLAW_AUDIT_DIR instead of hardcoded locations.
- Improved badwords policy metadata, including a verification URL and stronger signature.
- Removed obsolete documentation files (QUICKSTART.md, README.md, SECURITY.md).
- Set model_invocable to false to require use via explicit trigger, not model invocation.
v1.0.4
- Added QUICKSTART.md with setup and usage instructions.
- Added SECURITY.md outlining security practices and contact information.
v1.0.3
- Added local development and configuration files: .claude/settings.local.json, README.md, install.sh, package.json, and skill.yaml.
- Improved documentation and install process.
v1.0.2
- Added UI metadata to enable runnable mode and explicit input form in supported environments.
- Refactored YAML for improved clarity and structure (e.g., consistent step formatting).
- No changes to logic, features, or flow—behavior remains unchanged.
v1.0.1
- Updated version to 1.0.2 with improved policy compliance and auditing.
- Migrated policy to use only hashed (no plaintext) entries for CSP compliance.
- Added inline hashes and regex-hashes for badword/policy detection.
- Enhanced policy metadata with audit traceability (source, updated_at, signature).
- Removed plaintext documentation file; added .DS_Store.
v1.0.0
test
Metadata
Frequently Asked Questions
What is page-behavior-audit?
Deep behavioral audit with hashed policy (CSP-compliant, no plaintext badwords). It is an AI Agent Skill for Claude Code / OpenClaw, with 1457 downloads so far.
How do I install page-behavior-audit?
Run "/install page-behavior-audit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is page-behavior-audit free?
Yes, page-behavior-audit is completely free (open-source). You can download, install and use it at no cost.
Which platforms does page-behavior-audit support?
page-behavior-audit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created page-behavior-audit?
It is built and maintained by Youdaolee (@youdaolee); the current version is v1.0.7.
More Skills