
CORS Tester

by John Wang · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ✓ Security Clean
213 Downloads · 0 Stars · 0 Active Installs · 1 Versions
Install in OpenClaw
/install cors-tester
Description
Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS e...
README (SKILL.md)

cors-tester

Test, debug, and generate CORS configurations from the command line.

Quick Start

# Test CORS headers on a URL
python3 scripts/cors_tester.py test https://api.example.com/data --origin https://myapp.com

# Test preflight (OPTIONS) request
python3 scripts/cors_tester.py preflight https://api.example.com/data --origin https://myapp.com --method POST --header "Content-Type"

# Generate CORS config for a framework
python3 scripts/cors_tester.py config --framework nginx --origins "https://myapp.com,https://staging.myapp.com" --methods "GET,POST,PUT,DELETE"

# Audit CORS security
python3 scripts/cors_tester.py audit https://api.example.com/data

Commands

test

Send a request with an Origin header and inspect the CORS response headers.

python3 scripts/cors_tester.py test <url> --origin <origin> [--method GET]

Options:

  • --origin <url> — Origin to test (required)
  • --method <method> — HTTP method (default: GET)
  • --verbose — Show all response headers

Output shows:

  • Access-Control-Allow-Origin — Whether the origin is allowed
  • Access-Control-Allow-Credentials — Whether credentials are supported
  • Access-Control-Expose-Headers — Which headers are exposed

preflight

Send an OPTIONS preflight request to test if a cross-origin request would be allowed.

python3 scripts/cors_tester.py preflight <url> --origin <origin> [--method POST] [--header Content-Type]

Options:

  • --origin <url> — Origin to test (required)
  • --method <method> — Method to request (default: POST)
  • --header <name> — Custom header to request (repeatable)

Output shows:

  • Access-Control-Allow-Methods — Allowed methods
  • Access-Control-Allow-Headers — Allowed headers
  • Access-Control-Max-Age — Preflight cache duration

audit

Check a URL for common CORS misconfigurations and security issues.

python3 scripts/cors_tester.py audit <url>

Checks for:

  • Wildcard origin (*) with credentials
  • Origin reflection (server echoes any origin back)
  • Missing Vary: Origin header
  • Overly permissive allowed methods
  • Missing preflight cache (Access-Control-Max-Age)
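
The five checks above, sketched as an offline function over captured response headers. This is an added example, not the code of scripts/cors_tester.py; the finding names, the probe origin and the set of methods treated as overly permissive are assumptions, and the sample headers are constructed.

```python
PROBE_ORIGIN = "https://cors-probe.invalid"   # constructed origin no server should trust
RISKY_METHODS = {"PUT", "DELETE", "PATCH"}    # assumption: what "overly permissive" means


def normalize(headers):
    """Lower-case header names so lookups are case-insensitive."""
    return {k.lower(): v.strip() for k, v in headers.items()}


def audit_cors(simple_headers, preflight_headers, sent_origin=PROBE_ORIGIN):
    """Return sorted finding ids (names are assumptions) for one probed URL.

    simple_headers:    response headers to a GET sent with Origin: sent_origin
    preflight_headers: response headers to the matching OPTIONS preflight
    """
    simple, pre = normalize(simple_headers), normalize(preflight_headers)
    acao = simple.get("access-control-allow-origin")
    creds = simple.get("access-control-allow-credentials", "").lower() == "true"
    findings = set()

    if acao == "*" and creds:
        findings.add("wildcard-with-credentials")
    if acao == sent_origin:
        # An origin the server has never seen came back verbatim.
        findings.add("origin-reflection-with-credentials" if creds else "origin-reflection")
    if acao not in (None, "*"):
        # A per-origin answer must be keyed on Origin by shared caches.
        vary = {v.strip().lower() for v in simple.get("vary", "").split(",")}
        if not vary & {"origin", "*"}:
            findings.add("missing-vary-origin")
    if "access-control-allow-origin" in pre:
        allowed = pre.get("access-control-allow-methods", "")
        methods = {m.strip().upper() for m in allowed.split(",")}
        if "*" in methods or methods & RISKY_METHODS:
            findings.add("permissive-methods")
        if "access-control-max-age" not in pre:
            findings.add("missing-preflight-cache")
    return sorted(findings)


# Constructed sample responses (not captured from any real server).
REFLECTING = ({"Access-Control-Allow-Origin": PROBE_ORIGIN,
               "Access-Control-Allow-Credentials": "true"},
              {"Access-Control-Allow-Origin": PROBE_ORIGIN,
               "Access-Control-Allow-Methods": "GET, POST, PUT, DELETE"})
ALLOWLISTED = ({"Vary": "Origin"}, {"Vary": "Origin"})  # probe origin was refused

if __name__ == "__main__":
    print("reflecting :", audit_cors(*REFLECTING))
    print("allowlisted:", audit_cors(*ALLOWLISTED))
```

Reflection is only visible when the probe uses an origin the server has no reason to allow, which is why the sketch compares the echoed value against the exact origin that was sent.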

config

Generate CORS configuration snippets for common frameworks.

python3 scripts/cors_tester.py config --framework <name> --origins <origins> [--methods <methods>] [--headers <headers>] [--credentials]

Options:

  • --framework <name> — Target: nginx, apache, express, flask, fastapi, rails
  • --origins <csv> — Comma-separated allowed origins
  • --methods <csv> — Comma-separated methods (default: GET,POST,OPTIONS)
  • --headers <csv> — Comma-separated allowed headers (default: Content-Type,Authorization)
  • --credentials — Allow credentials
  • --max-age <seconds> — Preflight cache (default: 86400)
Usage Guidance
This appears to be a straightforward CORS testing tool. Before using it:
  1. Understand it will perform live HTTP/OPTIONS requests to any URL you supply — don't scan internal/private hosts or systems you don't have permission to test.
  2. The tool prints responses to stdout (no credentials are requested or exfiltrated), but responses may contain sensitive headers from the target server; treat output accordingly.
  3. If you need extra safety, review the script locally or run it in a sandboxed environment.
  4. If you plan automated or bulk scanning, be mindful of rate limits and legal/ethical rules for probing third-party servers.
Capability Analysis
Type: OpenClaw Skill
Name: cors-tester
Version: 1.0.0
The `cors-tester` skill is a legitimate utility for testing, debugging, and auditing CORS configurations. The Python script `scripts/cors_tester.py` uses standard libraries to perform HTTP requests and analyze response headers for security misconfigurations like origin reflection or overly permissive wildcards. No evidence of data exfiltration, malicious execution, or harmful intent was found in the code or the `SKILL.md` instructions.
Capability Assessment
Purpose & Capability
Name/description (CORS testing, preflight, audit, config generation) matches the included script and SKILL.md. The tool only needs to issue HTTP requests and generate text snippets — no unexpected binaries, credentials, or platform access are requested.
Instruction Scope
SKILL.md instructs running the included Python script with URL and origin parameters. The runtime instructions and script operate on the supplied target URLs and do not instruct reading local files, environment variables, or sending data to third-party endpoints. Behavior is scoped to making HTTP/OPTIONS requests and printing results.
Install Mechanism
No install spec (instruction-only) and only an included Python script. There are no downloads, package installs, or archive extraction steps declared. The script uses Python's standard library (urllib) so no extra dependencies are required.
Credentials
The skill declares no required environment variables, credentials, or config paths, and the script does not access unrelated environment secrets. All inputs (URLs, origins, headers) are provided by the user at runtime.
Persistence & Privilege
Skill is not forced-always, does not modify other skills or system-wide configs, and requests no persistent privileges. It runs as an on-demand utility that makes outbound HTTP requests.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install cors-tester
  3. After installation, invoke the skill by name or use /cors-tester
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of cors-tester.
  • Test CORS headers and configurations on live URLs.
  • Debug CORS errors, including preflight (OPTIONS) requests.
  • Audit URLs for common CORS misconfigurations and security issues.
  • Generate CORS configuration snippets for major web frameworks (nginx, apache, express, flask, fastapi, rails).
  • Command-line interface for quick testing, auditing, and configuration tasks.
Metadata
Slug cors-tester
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is CORS Tester?

Test and debug CORS (Cross-Origin Resource Sharing) configurations on live URLs. Use when checking if a server returns correct CORS headers, debugging CORS e... It is an AI Agent Skill for Claude Code / OpenClaw, with 213 downloads so far.

How do I install CORS Tester?

Run "/install cors-tester" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is CORS Tester free?

Yes, CORS Tester is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does CORS Tester support?

CORS Tester is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created CORS Tester?

It is built and maintained by John Wang (@johnnywang2001); the current version is v1.0.0.
