← Back to Skills Marketplace
Headers
by
rogue-agent1
· GitHub ↗
· v1.0.0
· MIT-0
120
Downloads
0
Stars
1
Active Installs
1
Versions
Install in OpenClaw
/install headers
Description
Audit HTTP security headers for any website — checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, and...
README (SKILL.md)
security-headers 🔒
HTTP security headers auditor with grading and info leak detection.
Commands
# Check one or more sites (auto-adds https://)
python3 scripts/headers.py github.com example.com
# JSON output
python3 scripts/headers.py --json example.com
Checks (9 headers)
- 🔴 High: Strict-Transport-Security (HSTS), Content-Security-Policy (CSP)
- 🟡 Medium: X-Content-Type-Options, X-Frame-Options, Referrer-Policy
- 🟢 Low: Permissions-Policy, X-XSS-Protection, COOP, CORP
Grading
- A (≥78%): 7+ headers present
- B (≥56%): 5-6 headers
- C (≥33%): 3-4 headers
- D (≥11%): 1-2 headers
- F (0%): No security headers
Info Leak Detection
Flags Server, X-Powered-By, X-AspNet-Version, X-Generator headers that reveal technology stack.
Usage Guidance
This skill appears to do exactly what it says: it issues GET requests to target URLs, inspects headers, and prints a grade. It does not request credentials, write installs, or phone home. Before installing or enabling it for autonomous use, confirm you trust the source (source/homepage unknown) and consider the environment where the agent will run: the skill can request arbitrary URLs, so avoid running it in an agent that has access to sensitive internal networks or services you don't want probed. If you need to run audits on production/internal sites, review the included scripts locally or run them in a network-restricted sandbox.
Capability Analysis
Type: OpenClaw Skill
Name: headers
Version: 1.0.0
The skill bundle is a legitimate HTTP security header auditing tool. It uses the standard Python 'urllib' library to fetch and analyze headers (e.g., HSTS, CSP, X-Frame-Options) from user-provided URLs to provide a security grade. The code in 'headers.py' and 'scripts/headers.py' is transparent, contains no external dependencies, and shows no signs of malicious intent, data exfiltration, or prompt injection.
Capability Assessment
Purpose & Capability
Name/description match the actual behavior: the scripts issue HTTP GETs, inspect response headers, grade presence of security headers, and report info-leak headers. No unrelated credentials, binaries, or config paths are requested. The duplicate files (headers.py and scripts/headers.py) are identical copies — a minor hygiene issue but not a security mismatch.
Instruction Scope
SKILL.md instructs running the included Python script which performs network requests to the provided URLs and prints/returns JSON. The instructions do not read local files, environment variables, or send data to third-party endpoints. Note: because the skill performs arbitrary HTTP requests, an agent running it could be used to probe internal or private endpoints if the agent has network access; this is expected behavior for a network-scanning utility but is a risk to be aware of.
Install Mechanism
No install spec; the skill is instruction-and-script-only and relies on Python's stdlib (urllib). This is low-risk: nothing is downloaded or written during install.
Credentials
The skill requests no environment variables or credentials. Its network access is proportional to its purpose (it must perform HTTP requests to audit headers). There are no unrelated secret accesses or config paths.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. The skill can be invoked autonomously by the agent (platform default), which is expected for a utility — combine this with the note above about network reach when deciding deployment policy.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install headers - After installation, invoke the skill by name or use
/headers - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial release of security-headers skill.
- Audits HTTP security headers for any website and grades security posture A–F.
- Checks 9 essential headers including HSTS, CSP, and X-Frame-Options.
- Detects server information leakage via headers like Server and X-Powered-By.
- Provides command-line usage for single or multiple sites, with optional JSON output.
- Zero external dependencies.
Metadata
Frequently Asked Questions
What is Headers?
Audit HTTP security headers for any website — checks HSTS, CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, COOP, CORP, and... It is an AI Agent Skill for Claude Code / OpenClaw, with 120 downloads so far.
How do I install Headers?
Run "/install headers" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Headers free?
Yes, Headers is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Headers support?
Headers is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Headers?
It is built and maintained by rogue-agent1 (@rogue-agent1); the current version is v1.0.0.
More Skills