
Headers

by rogue-agent1 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
Downloads: 120 · Stars: 0 · Active Installs: 1 · Versions: 1
Install in OpenClaw
/install headers
Description
Audit HTTP security headers for any website — checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, and...
README (SKILL.md)

security-headers 🔒

HTTP security headers auditor with grading and info leak detection.

Commands

# Check one or more sites (auto-adds https://)
python3 scripts/headers.py github.com example.com

# JSON output
python3 scripts/headers.py --json example.com

Checks (9 headers)

  • 🔴 High: Strict-Transport-Security (HSTS), Content-Security-Policy (CSP)
  • 🟡 Medium: X-Content-Type-Options, X-Frame-Options, Referrer-Policy
  • 🟢 Low: Permissions-Policy, X-XSS-Protection, COOP, CORP

Grading

  • A (≥78%): 7+ headers present
  • B (≥56%): 5-6 headers
  • C (≥33%): 3-4 headers
  • D (≥11%): 1-2 headers
  • F (0%): No security headers

Info Leak Detection

Flags Server, X-Powered-By, X-AspNet-Version, X-Generator headers that reveal technology stack.
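The rubric above can be reproduced offline against a captured header set. This is an added example, not the skill's own code: it assumes the grade depends only on how many of the 9 headers are present, as the percentages imply, and the `audit` function and sample headers are constructed for illustration.

```python
# Added example: presence-based grading per the README rubric.
CHECKS = {
    "high": ["Strict-Transport-Security", "Content-Security-Policy"],
    "medium": ["X-Content-Type-Options", "X-Frame-Options", "Referrer-Policy"],
    "low": ["Permissions-Policy", "X-XSS-Protection",
            "Cross-Origin-Opener-Policy", "Cross-Origin-Resource-Policy"],
}
LEAKY = ["Server", "X-Powered-By", "X-AspNet-Version", "X-Generator"]
# README thresholds expressed as the minimum number of headers present.
GRADES = [(7, "A"), (5, "B"), (3, "C"), (1, "D"), (0, "F")]


def audit(headers):
    """Grade a response-header mapping; header names compare case-insensitively."""
    seen = {k.lower(): v for k, v in headers.items()}
    missing = {sev: [h for h in names if h.lower() not in seen]
               for sev, names in CHECKS.items()}
    total = sum(len(names) for names in CHECKS.values())
    present = total - sum(len(m) for m in missing.values())
    grade = next(g for floor, g in GRADES if present >= floor)
    # Info-leak headers are reported with their values but do not affect the grade.
    leaks = {h: seen[h.lower()] for h in LEAKY if h.lower() in seen}
    return {"grade": grade, "present": present, "total": total,
            "percent": round(100 * present / total),
            "missing": missing, "leaks": leaks}


# Constructed sample response headers (not captured from a real site).
SAMPLE = {
    "strict-transport-security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "DENY",
    "Referrer-Policy": "no-referrer",
    "Server": "nginx/1.24.0",
    "X-Powered-By": "PHP/8.2.1",
}

if __name__ == "__main__":
    report = audit(SAMPLE)
    print(report["grade"], f'{report["present"]}/{report["total"]}', report["leaks"])
```

Presence-only grading does not validate header values, so a header such as HSTS with `max-age=0` still counts toward the grade.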

Usage Guidance
This skill appears to do exactly what it says: it issues GET requests to target URLs, inspects headers, and prints a grade. It does not request credentials, write installs, or phone home. Before installing or enabling it for autonomous use, confirm you trust the source (source/homepage unknown) and consider the environment where the agent will run: the skill can request arbitrary URLs, so avoid running it in an agent that has access to sensitive internal networks or services you don't want probed. If you need to run audits on production/internal sites, review the included scripts locally or run them in a network-restricted sandbox.
Capability Analysis
Type: OpenClaw Skill
Name: headers
Version: 1.0.0
The skill bundle is a legitimate HTTP security header auditing tool. It uses the standard Python 'urllib' library to fetch and analyze headers (e.g., HSTS, CSP, X-Frame-Options) from user-provided URLs to provide a security grade. The code in 'headers.py' and 'scripts/headers.py' is transparent, contains no external dependencies, and shows no signs of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description match the actual behavior: the scripts issue HTTP GETs, inspect response headers, grade presence of security headers, and report info-leak headers. No unrelated credentials, binaries, or config paths are requested. The duplicate files (headers.py and scripts/headers.py) are identical copies — a minor hygiene issue but not a security mismatch.
Instruction Scope
SKILL.md instructs running the included Python script which performs network requests to the provided URLs and prints/returns JSON. The instructions do not read local files, environment variables, or send data to third-party endpoints. Note: because the skill performs arbitrary HTTP requests, an agent running it could be used to probe internal or private endpoints if the agent has network access; this is expected behavior for a network-scanning utility but is a risk to be aware of.
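One way to limit the network reach noted here and under Usage Guidance is to vet each target before the audit script runs. This is an added example, not part of the skill: `check_target` and the injectable `resolver` are hypothetical names, and the host names and addresses in the usage comments are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def resolve(host):
    """Default resolver: every address the OS returns for the host."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def check_target(target, resolver=resolve):
    """Return (allowed, reason) for a host or URL before any request is sent."""
    # Bare host names get https://, matching the skill's documented behaviour.
    url = target if "://" in target else "https://" + target
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False, "unsupported scheme or missing host"
    host = parts.hostname
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP: no DNS lookup
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed: {exc}"
    if not addrs:
        return False, "no addresses"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop any IPv6 zone id
        # Refuse if ANY address is loopback, private, link-local or reserved.
        if not ip.is_global:
            return False, f"{host} -> {ip} is not a public address"
    return True, "ok"


# Constructed usage: a stub resolver keeps the check offline.
# check_target("intranet.example", lambda h: ["10.0.0.5"])  -> refused
# check_target("public.example", lambda h: ["1.1.1.1"])     -> allowed
```

The fetch resolves the name again and may follow redirects, so this pre-check does not cover DNS changes between check and request or redirects to internal hosts. Network-level egress restrictions on the sandbox remain the stronger control.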
Install Mechanism
No install spec; the skill is instruction-and-script-only and relies on Python's stdlib (urllib). This is low-risk: nothing is downloaded or written during install.
Credentials
The skill requests no environment variables or credentials. Its network access is proportional to its purpose (it must perform HTTP requests to audit headers). There are no unrelated secret accesses or config paths.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. The skill can be invoked autonomously by the agent (platform default), which is expected for a utility — combine this with the note above about network reach when deciding deployment policy.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install headers
  3. After installation, invoke the skill by name or use /headers
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of security-headers skill.
  • Audits HTTP security headers for any website and grades security posture A–F.
  • Checks 9 essential headers including HSTS, CSP, and X-Frame-Options.
  • Detects server information leakage via headers like Server and X-Powered-By.
  • Provides command-line usage for single or multiple sites, with optional JSON output.
  • Zero external dependencies.
Metadata
Slug: headers
Version: 1.0.0
License: MIT-0
All-time Installs: 1
Active Installs: 1
Total Versions: 1
Frequently Asked Questions

What is Headers?

Audit HTTP security headers for any website — checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.

How do I install Headers?

Run "/install headers" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Headers free?

Yes, Headers is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Headers support?

Headers is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Headers?

It is built and maintained by rogue-agent1 (@rogue-agent1); the current version is v1.0.0.
